Helene Beauchemin is the legal counsel at Stradigi AI. She specializes in business law and intellectual property, and plays a vital role in developing and maintaining the company’s compliance programs.
This week at Big Data & AI, I gave a presentation on how businesses can implement a strong privacy culture in their organizations. A culture of privacy is centred around making everyone aware of what it actually means to be compliant, and furthermore, what their individual roles and responsibilities are when it comes to handling sensitive data.
Considering the fact that 81% of consumers are concerned with how businesses use their data, privacy is no longer just about staying out of trouble: it’s about protecting your corporate reputation and bottom line.
Here is a quick peek into some of the ideas I covered at the event:
1 – Drive awareness around key issues in data privacy.
You might be thinking: why would my non-technical teams care about data privacy when they are not dealing with it every day? In reality, data privacy is everyone’s responsibility, and in most instances, privacy breaches occur due to employee mishaps.
Driving awareness can be as simple as hosting a lunch & learn or running a workshop that outlines introductory, 101-level best practices. Those initial steps will help you get a better understanding of how much your employees know about these issues. If you take this route, make sure you tailor your training to the audience, so that people can see how data relates to their day-to-day roles. If you are using Slack, you can also start a channel to field general questions about privacy issues, and distribute content on hot topics (like, say, Facebook).
2 – Launch an educational program for your organization.
The key to a successful privacy culture is ensuring that everyone is aware that privacy is their responsibility. In addition to regular training from your legal department, experiment with an ambassador program or identify a data privacy champion in each department who will join an internal committee.
Your privacy committee can approach key topics from a compliance perspective, and highlight issues in formal settings like meetings, but also in informal settings like stand-ups. Ensuring your committee represents the diverse teams in your company is essential, as having a voice and perspective from each team will contribute to a truly holistic approach in your privacy initiatives and facilitate risk management.
3 – Get a legal perspective early in the process.
Too often, tech teams can go too far without considering the intricacies of data privacy. If your legal team can have a foothold in projects from the very beginning, you can safeguard yourself from wasting time and resources on ideas that are too risky to be brought to market for a variety of reasons.
Having your legal counsel involved in every meeting is, of course, unrealistic. This is where your internal committee can come in handy: by having individuals in the organization conscious of data privacy issues, who can think from a specific frame of mind, you can increase efficiency for the entire organization.
No matter what type of data you are dealing with and how you are using it, privacy should always be a core value of your organization. We have seen firsthand how privacy breaches can upend a business’s reputation. Privacy isn’t just about being compliant and lawful; it’s about building and maintaining customers’ trust.