Highlights:
-
- Bolstering your enterprise’s privacy knowledge can be challenging — it’s a complex and evolving space shrouded in legal regulations. You should aim to present digestible information tailored to the individual’s role and necessary level of knowledge.
- Collaborate with senior leadership in order to effectively get in front of employees, whether through lunch and learns, town halls, and other presentation methods.
- Many enterprise leaders have leveraged Data Privacy Day/Week to raise awareness for their programs.
Data privacy is a rapidly evolving space regulated by a fragmented global legal landscape. In other words, it’s a lot to keep pace with, even for those in the industry.
Sarah Stalnecker, Global Privacy Director at New Balance Athletics, touched on this complexity during a Data Privacy Board panel discussion on internally branding your privacy program.
“The minutiae of what you have to manage when it’s a global privacy department, and there are changes to existing privacy laws day by day; it’s very complex.”
Despite the apparent intricacies, it’s still critical that enterprise employees understand the privacy issues that could impact their products and strategies, even if just broadly. Perhaps more importantly, the enterprise must see the value of the privacy program.
Developing employees’ level of awareness and knowledge of data privacy is a continuous journey, especially at a large enterprise. What tactics will garner the best results, and where should you focus your efforts?
Here are four best practices to follow.
1. Raise awareness by getting in front of employees
Before you can begin any specific training, you first need to ensure everyone understands the foundational components of your data privacy program and why it’s meaningful.
This is particularly important if your department is still fairly new, which is not uncommon at many enterprises. Sarah said her team is really focused on building this awareness and value proposition.
“We’re not the same as security. We’re not the same as governance. So there’s a fair amount of education that needs to take place.”
Sarah Stalnecker, New Balance Athletics
Sarah said the team meets quarterly with senior leaders, where they’ve asked to speak at upcoming town halls to outline the key privacy principles members of the organization should understand.
At those town halls, an executive will do an introduction where they explain why privacy matters, further driving home why the program is so meaningful.
Following these town halls, Sarah said other departments will reach out to involve privacy in the products and strategies they’re working on.
“I think that’s been very helpful in terms of getting broad organizational exposure very quickly,” she said.
During the Data Privacy Board discussion, panelist JoAnne Breese-Jaeck, VP and Chief Privacy Officer at Northwestern Mutual, also shared how they leverage periodic lunch and learn sessions.
Additionally, the enterprise has a Privacy and Data Ethics Council in place, which is a cross-functional group of mid-to-high-level employees who will evaluate privacy and data ethics questions and recommendations. JoAnne said this group has helped drive enterprise alignment and prepare for regulatory changes like the CPRA.
JoAnne said they also recognize employees through certificates and recently launched the first annual Privacy Champion Award, where the privacy team nominates 12 people who have gone above and beyond.
“That’s kind of a small thing, but people really do appreciate the moment of being recognized,” she shared.
2. Strive to present digestible information
Once you’ve created this general awareness, you can communicate education based on everyone’s responsibilities and how and when they interact with data within their role throughout its lifecycle.
Sarah and JoAnne both highlighted the importance of tailoring your message to the individual or department and the level of information they need to know.
They advised straying away from the complexities and instead focusing on delivering more digestible information. It’s important for employees to know the basics of GDPR, CPRA, and privacy law in China, but beyond that, they should understand the organizational processes in place.
Employees should understand the common threads throughout these regulations so they can proactively identify flags and privacy concerns within their own enterprise functions.
Sarah shared how they leverage presentations — generally 15 minutes or less — that are tailored to different enterprise functions. They also work to make these presentations visually engaging since you’re likely to lose your audience with complex legal information.
“I try to make sure it’s very much focused on exactly what we want people to walk away with,” she said. But again, we do tailor it so that it looks different for our marketing team, because what’s going to matter for them is a bit different versus the technology team.”
JoAnne described a similar philosophy as it related to training modules, and agreed that when you lead with the law itself, people tend to lose interest in the conversation. Instead, she said it’s more effective to apply education to the employee’s actual work when possible.
They leverage a set of standardized modules for onboarding and annual training; however, they also incorporate live user-based training for the individual’s specific role.
3. Leverage Data Privacy Day/Week
Data Privacy Day/Week takes place around January 28 as “an international effort to create awareness about the importance of respecting privacy, safeguarding data, and enabling trust,” per the International Association of Privacy Professionals.
The event can be a great opportunity to raise awareness across the enterprise.
JoAnne shared that at Northwestern Mutual, the week-long celebration included awards, published articles, and a lunch and learn hosted by the privacy team. She said some team members also took to LinkedIn to recognize areas of the company that have served as critical privacy partners.
“We gave them all mugs, all the way from our senior leadership team down to entry-level people who we felt had really made a difference for our program,” JoAnne said.
4. Benchmark with other senior privacy leaders
In an evolving space like data privacy, you can’t undermine the value of benchmarking your strategies — whether it’s educating the enterprise, branding your program, preparing for upcoming regulations, or gaining C-suite support, benchmarking strategies with other privacy leaders.
The Data Privacy Board is where senior privacy leaders like JoAnne and Sarah at billion-dollar companies get trusted peer insights in a confidential, vendor-free setting.
