Key takeaways:
- It’s no secret that privacy is complex. Employees and executives might want a defined set of policies and concerns, but there’s no one-pager for your program.
- Privacy, cybersecurity, and data governance are different functions with different goals, but there’s no denying there’s some overlap. Cross-team collaboration can help drive alignment on what’s in scope for each team.
- There’s enough privacy work to go around, and you don’t want your team to become a catch-all for every enterprise request. Education is required to help employees really understand what your team does.
An effective enterprise data privacy strategy hinges on cross-functional communication. Data protection is not a privacy, IT, or governance responsibility — it’s a business responsibility and one that demands attention and action from nearly every department.
Still, privacy leaders know the challenges of internally branding an enterprise program. Even after you’ve gotten the word out and promoted the value of privacy, you often need to manage expectations and define what’s in scope for your team.
How do you emphasize your capabilities and limitations? For many, this is a work in progress. Data Privacy Board Members Sarah Stalnecker, Global Director of Data Privacy at New Balance Athletics, and JoAnne Breese-Jaeck, Vice President and Chief Privacy Officer at Northwestern Mutual, recently shared their tips during a panel discussion on privacy branding.
Privacy Requires a Nuanced Approach — Help Employees Understand the Complexity
It’s clear that other departments need to care about privacy implications, but they may not fully understand the complexities of privacy as an enterprise function.
Sarah highlighted this challenge, saying sometimes employees expect a defined set of parameters outlining privacy concerns and policies, which is a difficult ask given the many nuances.
“The details of a certain situation matter so much and can change the recommendation,” Sarah said, adding that evolving regulations could change how you decide to resolve a privacy issue at that moment.
JoAnne echoed this statement and shared a lesson learned early on in her leadership role.
“Someone in the organization said to me, ‘Well JoAnne, we want to do privacy right. So just give me the one-pager, and we’ll implement it.’”
Simply put, there’s no one-pager for data privacy, and JoAnne said she had to take a step back and consider how to provide this information in a way that allowed the employee to understand the underlying complexities.
“So a one-pager is not possible, but we’re going to take pieces of it and begin to solve for it,” she said.
“Take the time to think about how you want to talk about challenging issues.”
JoAnne Breese-Jaeck, Northwestern Mutual
Emphasizing Cross-Team Collaboration
While each department serves a unique purpose, overlap still exists between privacy, cybersecurity, and data governance. As a result, Sarah and JoAnne agreed that cross-department collaboration is crucial to defining what’s in scope for each.
For example, Sarah said if you’re bringing on a third-party service provider, each group needs the opportunity to determine what role and function the vendor needs to service for their relevant spaces.
At Northwestern Mutual, JoAnne said they’ve stressed collaboration by developing joint reporting, which has driven alignment and served as a helpful branding tool.
“We came up with a graphic that showed all three of our functions and put the core capabilities of each,” she said.
You’re bound to see overlap in areas such as access controls. If you’re referring to multifactor authentication, then it’s a clear cybersecurity initiative, but if you’re pointing to user access to certain data, it falls under privacy.
JoAnne said, “When you put these things together, and you start reporting to the enterprise on them as a group, it forces, in my mind anyway, a conversation about what’s ours, and what’s yours.”
Sarah agreed that at New Balance, collaboration between these departments has ultimately helped keep everyone in their own lane.
“There’s way more than enough work to go around, particularly in the privacy landscape. So our focus continues to be building the foundation of our program while reacting to the privacy laws that pass on a day-to-day basis,” she said.
Promoting Privacy Education
In order to define what’s in scope and get the enterprise to understand how privacy differs from governance or security, Sarah said a fair amount of education is needed.
“We don’t want to get in a situation where we become a catch-all for every last request that could come down the pipeline because we can’t address them all.”
Sarah Stalnecker, New Balance Athletics
JoAnne and Sarah shared their best practices for bolstering enterprise privacy knowledge, which include user-tailored training modules, lunch-and-learn sessions, town hall meetings, articles, and more.
Regardless of the medium used, they stressed the importance of presenting digestible information.
Sarah shared how New Balance leverages presentations — generally 15 minutes or less — that are tailored to different enterprise functions because what matters to Marketing will differ from Human Resources.
When possible, JoAnne said they leverage live user-based training modules so employees can apply privacy education to their actual work.
Learn How Other Privacy Leaders are Branding and Defining Their Programs
When it comes to laying the groundwork for a successful privacy program, no one truly understands the challenges like the enterprise leaders who are doing the work.
Sarah and JoAnne shared their actionable advice on positioning privacy as an enterprise asset, promoting internal education, articulating terms and concepts, and more, during a live Data Privacy Board panel.
Data Privacy Board members — senior privacy leaders at billion-dollar brands — have conversations like this daily in a confidential and completely vendor-free setting.