Five things companies that deal in data should consider

Between the revelations of NSA surveillance and the explosion of data being shared online, privacy is top of mind for almost everyone with a pulse and Internet connection.

Between the revelations of massive NSA surveillance and the explosion of data being shared online, privacy is top of mind for almost everyone with a pulse and Internet connection.

For companies that collect and use personal information, this increased awareness has made privacy a key trust and reputation driver. Failure to adopt privacy-aware business practices and communicate with key stakeholders about the topic has led to significant reputational damages for companies in seemingly every sector.

However, I am often surprised at the level of corporate engagement and programming when talking to communications leaders at companies large and small. The good news is there are several steps they can take to stay ahead of this issue.

Communicate a privacy promise with principles not policies
Companies need to rethink how they engage key stakeholders on privacy and security issues. Most tend to take a head-in-the-sand approach or think that having a privacy policy will inoculate them from scrutiny. Unfortunately, a legalese-laden privacy policy often confuses more than clarifies and does not deliver messages that demonstrate trust.

Instead, much like with sustainability, companies should develop a narrative that communicates the company is committed to managing these issues. Having clear principles that communicate privacy commitments to consumers is a better approach. For instance, on its website, Mozilla clearly outlines six plain-language principles for how it handles data.

Find shared value in data
“Data privacy” does not mean not collecting or using data. In fact, it should mean the opposite. People want customized experiences and new services that make their lives easier. They just want to know that in exchange for sharing their information, they are receiving some sort of value, be it better tailored content, a free service, or the improved performance of a service. Companies must find a way to better explain to users the value they get in exchange for the information they share. In most cases, I believe this will ease concerns and build confidence from users.

Creating no value in exchange? Expect to have issues.

Address the surveillance issue
Revelations of the NSA's surveillance program and the government's ability to demand that companies turn over the information of their users has created a significant reputational liability. With trust in government at an all-time low, according to Edelman's Trust Barometer, companies that don't address the surveillance issue could find people's trust in them go down as well.

Companies have the opportunity to lead the charge for creating change. They should consider taking action to increase transparency about information requests from the government and take steps to limit their reach. Indeed, many leading companies in the tech industry have responded in force. Google, Microsoft, Yahoo, and Facebook now regularly publish reports about the number of requests they get from the government and vocally advocate for being allowed to offer the public even more information.

Bake privacy in and provide choice
People want to share information; they just want to have control over how that information is used. Companies can alleviate many privacy concerns by finding ways to provide users with easy-to-use controls over how their information is used. Many leading tech companies have done a good job baking controls into their products and services. For example, all the major browsers have robust privacy controls to help people manage their online footprints. Companies should also consider how they can design privacy controls for mobile applications and online services.

Educate employees
Employees are often the weakest link in the privacy chain and can cause significant harm by not properly handling sensitive information. Often these missteps are not malicious, but simply due to an engineer or marketer not understanding the implications of collecting or using personal data in a new way. For instance, when Google found itself in hot water for collecting wireless data from people via its Streetview service, it was because an engineer thought that the information might be valuable one day. The company ended up paying millions in fines as a result.

Companies need to develop internal communications programs to ensure employees that handle personal data know its privacy rules. As a first step, my humble proposal is that communications leaders take their chief privacy officer for a cup of coffee and discuss these issues. 

Leigh Nakanishi is senior data privacy and security strategist at Edelman.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in