While not likely to be made a federal holiday anytime soon, January 28 marks Data Privacy Day, created to raise awareness about the importance of data privacy for companies and consumers. What was a small gathering of academics and privacy experts a few years ago is now widely recognized in the US, Canada, and 27 European countries.
For good reason, privacy has become an essential corporate competency and potential communications challenge for any business that collects, shares, and uses sensitive information. Data privacy rights and practices seem to be making an unstoppable rise in the boardroom, media, and regulatory agenda, creating a potential impact on trust and reputation. Indeed, a majority already indicates that it is more concerned about the issue than ever before.
Yet, privacy has traditionally sat in the legal department of most organizations with little intervention by communications professionals. This will need to change as the potential implications of mismanaged privacy incidents have a significant impact on corporate trust. Edelman's 2013 Trust Barometer found lack of transparency a key detractor from trust in business. We also know that companies are struggling to be transparent about data privacy practices According to the Edelman Privacy Risk Index, developed by the Ponemon Institute, 57% of privacy leaders surveyed indicated that their organization is not transparent about what it does with personal information.
As consumers become increasingly aware of their digital footprint and how businesses are using information about them, they are demanding greater transparency about how their personal data is being used. As communicators, it's our job to deliver this accountability.
The good news is that there is an upside. Businesses and organizations that meet the challenge of managing data security and privacy effectively will differentiate themselves by bringing value to the marketplace and inoculate themselves from much of the potential scrutiny when dealing with a sensitive issue.
In honor of Data Privacy Day, I'd like to share some best practices for communicators in managing these issues:
- Make privacy cross-functional: Privacy has moved beyond being exclusively a legal compliance issue; it now should involve a much broader group of stakeholders including communications, business operations, and IT staff. Having alignment will help identify potential issues early and help to act quickly during a crisis.
- Understand communication risks: Communicators need to understand how their company is collecting or using information so they can evaluate what practices might raise concerns with consumers.
- Plan for a data breach: Data breaches have become high-risk and impact events and it's imperative that companies have communications plans in place before they become a victim. Having the proper procedures and processes in place prior to an incident can significantly reduce cost and reputational damage for a company.
- Product launch review: Companies are vulnerable to scrutiny when releasing a new product or service that requires the sharing or use of information in new and novel ways. This mandates making privacy and security an essential part of messaging for a launch to avoid confusion and backlash.
Perhaps as a first step, all of us communicators should take our chief privacy officer out for a cup of coffee in honor of Data Privacy Day?
Leigh Nakanishi is a privacy and security communications strategist at Edelman.