Highlights:
- In order to sell the value of your data privacy program, it’s important to align your mission and vision with the overarching enterprise principles and objectives.
- Positioning privacy as a brand opportunity can be challenging, but pointing to new consumer expectations and legal requirements can help you gain traction. It’s also helpful to demonstrate how privacy is integral to the success of data strategy.
- Having strong enterprise relationships is imperative to securing support for your program. Remember to tailor your message to each executive and the level of information they need at that moment.
How you internally brand your enterprise data privacy program is paramount to fostering interdepartmental cooperation, communication, and executive-level support. After all, no successful data privacy program can exist in a silo.
Still, many enterprise privacy leaders are familiar with the challenges of selling the value of a program rooted in risk mitigation and getting others to truly understand what your team does.
Given these challenges, how can you position privacy as an enterprise asset and brand opportunity? Here are four actionable approaches from leaders in the industry.
1. Demonstrate Your Clear Mission and Vision
While many executives have acknowledged the growing need to regulate how data is collected, stored, and shared, getting leadership to fully embrace privacy as a value proposition can still be challenging.
How do you get the organization to see privacy as an essential component of the corporate strategy?
During a Data Privacy Board panel on internally branding your privacy program, Sarah Stalnecker, Global Director of Data Privacy at New Balance Athletics, highlighted the importance of aligning your program’s mission, vision, and principles with the overarching enterprise objectives.
Ask yourself, what is the long-term vision of your company, and how can privacy aid in that journey?
Sarah said, “How do we make sure that we’re laddering up to the larger brand purpose and brand ideals so that there is a little bit of consistency with overall what the brand is trying to achieve? Part of being a purpose-driven brand absolutely extends to the way that you collect, keep, store, share, and delete data, right?”
“Part of being a purpose-driven brand absolutely extends to the way that you collect, keep, store, share, and delete data.”
Sarah Stalnecker, New Balance Athletics
JoAnne Breese-Jaeck, Vice President and Chief Privacy Officer at Northwestern Mutual, echoed this thought during the panel discussion, saying that it’s important to begin with a clear and specific vision.
“As we built our mission and vision statement, it became clear that yes, we have to ensure regulatory compliance, but we also need to make sure that we’re meeting consumers and their expectations, all while we unlock the value of data.”
Simply put, she said, “We don’t succeed as an organization without trust.”
2. Outline Privacy as a Brand Opportunity
Data privacy is not often viewed as a profit or innovation driver, but enterprise privacy leaders still need their companies and executives to care about their privacy programs.
At Northwestern Mutual, JoAnne said the team has worked to demonstrate how privacy can actually be an enabler of data strategy — a business unit that is typically seen as a revenue driver.
“As you come forward with an increasingly important data strategy, understanding the lifecycle of data and privacy is actually an enabler of that strategy was really important to our program and our success.”
JoAnne Breese-Jaeck, Northwestern Mutual
The privacy team worked with the Chief Data Officer and Chief Information Security Officer to develop joint reporting so the enterprise could see that data strategy is founded on the success of the privacy and information security programs. JoAnne said this tactic was one of the most impactful strategies they’ve used to gain enterprise support.
At New Balance, Sarah said one way they’ve positioned privacy as a brand opportunity is by tying it to consumer wants, saying, “It isn’t just rules and mandates; it’s really consumers who are shifting their expectations.”
Consumers are becoming increasingly aware and concerned about the data they share and with whom, particularly as high-profile data breaches appear in the press.
According to a McKinsey & Company report, 87% of surveyed consumers said they would not do business with a company if they had concerns about its security practices. 71% said they would stop doing business with a company if it gave away sensitive data without permission.
Sarah said, “It’s their data, and that’s why privacy laws were put into place, to give power back to consumers.”
Demonstrating this consumer pressure has helped the privacy team achieve greater enterprise-wide influence.
3. Building Enterprise awareness and Education
It’s critical that privacy is embraced by the entire enterprise — particularly at a large organization where the workforce can encompass thousands of employees. When employees don’t understand the value of privacy, someone could inevitably take a shortcut that exposes the enterprise to risk.
Sarah shared that, relatively speaking, their privacy program is still fairly new — which is the case for many enterprises.
As a result, they’re focused on really creating a general awareness of why the program exists, why it matters, and why it’s meaningful to the enterprise that privacy is a standalone department.
“We’re not the same as security. We’re not the same as governance. So there’s a fair amount of education that needs to take place,” she said, adding that the education is done both formally and informally.
The team roughly measures their internal education by looking at how many team members are aware of the privacy program, and how often the team is involved in projects. When other departments are reaching out to privacy organically, it’s a good sign that they understand why the program is important.
Sarah said, “These are kind of softer things, but what we find is, are we getting traction where people are reaching out to us proactively for the things that are relevant for our group?”
4. Securing Leadership Support
JoAnne also highlighted the importance of having broad enterprise relationships early on, calling it the “recipe for success.”
From a leadership standpoint, JoAnne suggested tailoring your message to the level and need of the executive. She advised structuring the conversation by saying here’s the issue, here’s the challenge, and here’s the potential solution.
In a Data Privacy Board guide on internal branding, industry expert Richard Purcell, Microsoft’s first Chief Privacy Officer, and Corporate Privacy Group Founder, echoed this statement.
Everyone in the enterprise speaks a different language, so it’s important to highlight how data privacy impacts their strategy and goals.
For example, a Chief Marketing Officer is concerned about brand reputation, so Richard advises highlighting how data privacy can further protect the brand. On the other hand, a Chief Financial Officer is focused on revenue, so show them how privacy can be a revenue issue.
“Each of those roles has its own funnel — where words and positioning strike a chord — I had to understand which one of them had which kind of triggers and talking points,” Richard explained.
He added that it’s vital to find privacy champions across the enterprise, or you’ll constantly be swimming upstream. This will require you to have a highly collaborative spirit because, according to Richard, no Chief Privacy Officer has a lot of native authority.
Benchmark with Enterprise Privacy Leaders
Branding an enterprise privacy program is a continuous journey, but it’s one you don’t have to face alone.
The Data Privacy Board is where senior enterprise privacy leaders at companies like New Balance and Northwestern Mutual can receive candid peer insights in a confidential and vendor-free setting.
