Key takeaways:
- In order to secure the necessary funding and resources, privacy leaders need to advocate for the value of their program.
- It’s important to illustrate how the resources will advance not only your program but the broader enterprise initiatives. It’s important your program’s goals ladder up to larger brand values.
- Everyone in the enterprise speaks a different language — it’s helpful to tailor your message to each executive leader.
- If you can’t gain resources in the form of dollars, then consider what help you can leverage from other departments.
In recent years, the data privacy space has experienced rapid growth in the form of new legislation, stakeholder interest, vendors, and more. Data privacy is arguably one of the most crucial tasks for today’s companies.
Despite this development, privacy heads still need to advocate for their programs in order to secure necessary funding and resources — and it isn’t always easy.
Privacy is not often seen as a revenue or innovation driver, making it all the more challenging to sell the value in your program. However, there are best practices to consider.
Here are four tips on securing resources for your data privacy program.
1. Align Your Goals to Broader Enterprise Initiatives
If you’re going to request additional funding or resources, you need to illustrate how they’ll advance your program’s goals.
It’s important to clearly articulate this to leadership. Christina Kogan, Senior Director of Privacy at Workday, touched on this during a Data Privacy Board panel discussion, saying, “Actually spelling it out with some detail, I think is oftentimes successful.”
But it’s not enough to demonstrate the benefits to the privacy program alone; it’s important to outline how these resources will enable broader business initiatives.
This is why it’s crucial for privacy’s goals to be aligned with overarching enterprise objectives. Data Privacy Board Member Sarah Stalnecker, Global Director of Data Privacy at New Balance Athletics, highlighted this during a panel on internal branding held in January.
Sarah advised privacy leaders to determine what the long-term vision of their company is and how privacy can aid in that journey.
“How do we make sure that we’re laddering up to the larger brand purpose and brand ideals so that there is a little bit of consistency with overall what the brand is trying to achieve? Part of being a purpose-driven brand absolutely extends to the way that you collect, keep, store, share, and delete data, right?”
Sarah Stalnecker, New Balance Athletics
2. Tailor Your Message to the Business Need
It’s clear that how you communicate with leadership can make a big difference in how your program is viewed by the enterprise.
To gain traction with executives, it’s beneficial to tailor your message, according to Richard Purcell, Microsoft’s first Chief Privacy Officer, Corporate Privacy Group founder, and Chair of the DHS Privacy Advisory Committee.
Richard told the Data Privacy Board to adjust your message to each executive leader — a tactic he has leveraged throughout his career. Everyone in the enterprise speaks a different language, so it’s important to highlight how data privacy impacts their strategy and goals.
For example, a Chief Marketing Officer is concerned about brand reputation, so Richard advises highlighting how data privacy can further protect the brand. On the other hand, a Chief Financial Officer is focused on revenue, so show them how privacy can be a revenue issue.
“Each of those roles has its own funnel — where words and positioning strike a chord — I had to understand which one of them had which kind of triggers and talking points.”
Richard Purcell, Corporate Privacy Group Founder
3. Leverage Cross-Department Resources
Sometimes obtaining the resources you need is about more than just requesting funding.
Patrick Chavez, Chief Privacy Officer and Associate General Counsel at Edward Jones said privacy leaders can leverage other areas of business. He suggested looking to your peers in information security, internal audit, and risk since your program’s goals are often aligned.
Patrick shared during a panel discussion on scaling your privacy program, “We’re able to leverage help from those other organizations. Sometimes, it’s not just a matter of I need money for an attorney, or I need money for technology. It’s how can I get resources? Be creative and get resources in a different way.”
4. Benchmark with Your Industry Peers
There’s no one-size fits all approach to positioning your privacy program. Jennifer Garone, Senior Director of Privacy and Information Governance at Carnival, said that much of this journey hinges on your company’s culture around compliance.
During the panel discussion, Jennifer said, “You need to look at your culture, not just of your department, but of your organization. What do they value.”
While different approaches may work at different organizations, it’s helpful to hear what’s worked and what hasn’t for your peers in the industry.
Data Privacy Board members are able to gut-check their strategies in a completely confidential space.
