The Enormity of Operationalizing the Principles of Privacy by Design
It’s one thing to have a Privacy by Design framework at your organization — but the day-to-day implementation is another challenge entirely.
Pinning down the definition of Privacy by Design (PbD) in exact terms is difficult because privacy leaders at different types of organizations view it differently (from a general philosophy to a completely structured, framework-based approach), but it always comes back to seven principles:
- Proactive not reactive
- Privacy as the default setting
- Privacy embedded into design
- Full functionality
- End-to-end security
- Visibility and transparency
- Respect for user privacy
Incorporating all seven principles into every area of an organization is a massive, ongoing undertaking.
Members of the Data Privacy Board — all privacy leaders at billion-dollar brands — have discussed this challenge from different angles, but a recent community discussion left several leaders with a better understanding of the state of others’ programs and how they’re approaching this challenge.
For one member in particular, a data privacy leader at an engineering company, the conversation allowed him to benchmark his program against others at varying maturity levels and gather tangible insights for moving his program forward.
Data Privacy Board Members at Brands Across Various Industries with Differing Levels of PbD Maturity Came Together to Discuss What is (and isn’t) Working for Them
The member classified his Privacy by Design program’s maturity as “in process” at the beginning of our facilitated discussion on the topic — but he quickly found similarities with that of a member with a more mature program.
A main concern he raised was the challenge of retrofitting Privacy by Design to legacy vendors and systems — and moving to become more proactive, rather than reactive. The privacy leader with a more mature program expressed the same concern and said they use a forward-focused approach by building in PbD principles as new vendors and programs come on board.
This leader, as well as several others, had processes for implementing PbD principles for legacy vendors. These included tiering vendors by risk and reviewing them in one-to-three-year cycles accordingly, as well as auditing vendors as they come up for renewal.
A Single Phone Call Helped a Data Privacy Leader Mature his PbD Program
During the discussion, half a dozen leaders shared insights into their own programs, how far they’ve gotten into operationalizing Privacy by Design, and the concerns they continue to have. The member at an engineering brand not only left the call with tangible next steps to implement at his organization, but also the comfort of having found similarities between his program and another member’s more mature one.
Membership Helps Data Privacy Leaders Navigate Uncertainty Every Day
This is just one example of how our community helps Data Privacy Board members navigate the enormous, ongoing challenges privacy poses. Our on-demand, unlimited support is always available to our members, anytime they need it.
If you’re leading data privacy at a major enterprise, you don’t have to go it alone — this community is for you.