Enterprise data privacy can’t exist as an isolated operation but instead should serve as a vital thread woven into the fabric of the enterprise. As a data privacy leader, you know you can’t achieve this level of influence without first securing crucial support from your C-suite executives.
Data privacy is already a concern of many senior executives, according to 2021 PwC’s Top Policy Trends report. Among the 400 surveyed C-suite leaders, 44% listed data privacy as one of the top three policies impacting the business.
Over the past few years, enterprises have been adapting their data policies to comply with the rapidly evolving regulatory landscape — from the European’s Union’s General Data Protection Regulation (GDPR) to the California Consumer Protection Act (CCPA).
Many executives have acknowledged the growing need to regulate how enterprises collect, store, and share data. Even so, data privacy is not typically perceived as an innovation or profit driver, and it can be challenging to sell the value of a program rooted in risk avoidance.
Despite the recognized importance of data privacy, some executives worry it could stifle innovation and their ability to effectively operate the enterprise. More than one-third of leaders even report tension between innovation and compliance, per a Bizagi report.
As your organization’s data privacy head, you need your C-suite to serve as a champion for your work. Here are some best practices in securing C-suite support for your data privacy program.
Understanding the enterprise goals
Before you can turn your CEO and leadership team into strong data privacy advocates, you first need to understand the context of the organization.
It’s critical to consider the mission of the enterprise and how data privacy will align with that purpose. Ask yourself, will the goal of data privacy be focused on consumer protection, consumer benefits, protecting vulnerable populations, or some other function?
For example, Apple — which is often recognized for its data privacy efforts — has a mission “to bring the best personal computing products and support to students, educators, designers, scientists, engineers, businesspersons, and consumers in over 140 countries around the world.”
The brand’s data privacy policies fall in line with that mission. Apple collects personal data for the sole purpose of improving its products, services, and content, as well as to keep accounts secure. However, Apple states that it does not share personal data with third parties for marketing purposes.
In 2014, CEO Tim Cook emphasized this policy in an open letter to customers, writing, “A few years ago, users of internet services began to realize that when an online service is free, you’re not the customer. You’re the product. But at Apple, we believe a great customer experience shouldn’t come at the expense of your privacy.”
Apple effectively leverages privacy as a marketing tool and business advantage by putting its data privacy strategy at the forefront of its products and brand reputation.
While this strategy has worked for Apple, it won’t be suitable for every organization — plus, it carries risks. If you place your privacy goals at the top of your business strategy and you experience a privacy issue, then you’ve opened the brand up to negative media.
In order to operate in alignment with the enterprise, you must consider how high-profile your C-suite wants data privacy to be. What role do they envision privacy playing?
Educating the workforce
As a senior data privacy leader, you’re fluent in the language of data privacy — it’s likely your C-suite is not. Education can play a critical role in establishing the value of your program.
An Investis Digital article on how C-level executives can own data privacy states, “It’s no longer acceptable to assume someone else in your organization understands the vagaries of data privacy.”
It’s the Chief Privacy Officer’s duty to engage and effectively educate both the C-suite and workforce on the requirements and goals of the data privacy program. This can be achieved through various learning materials, assessments, and presentations to the C-suite, among other resources.
The demand for workplace data privacy education has experienced rapid growth in recent years. According to the ethics and compliance firm LRN Corporation, the completion of data privacy courses increased by 262% between the first and second quarters of 2018.
Still, data privacy should be more than a set of loosely followed guidelines and a few online courses may not be enough to drive home the crucial nature of data protection.
Jennifer Farthing, former Chief Learning Officer at LRN, said, “Companies with programs that hammer home organizations’ and employees’ obligations to safeguard the data of clients and customers, educate employees on the permanence of their digital correspondences, and use interactive learning stand the best chance of affirming ethical and affective behaviors.”
Benchmark with other data privacy leaders
Operating in an evolving space like data privacy is a lofty challenge, but it’s one you aren’t facing alone.
Whether it’s communicating with the C-suite or navigating regulatory changes, it can be beneficial to benchmark strategies with other senior data privacy leaders.
The Data Privacy Board helps privacy leaders at the world’s biggest companies — Expedia Group, USAA, and more — get fast answers to their toughest questions by connecting them with peer practitioners in a confidential, vendor free community.