For Data Privacy Day this year, we want to highlight one of our fundamental beliefs at PIX: trustworthy privacy practices are good for business.
Privacy is not just a compliance checkbox. Privacy practitioners traditionally have had to make the argument for privacy in the negative: if we don’t have good privacy practices in place, we will get breached, fined, or sued. After all, good privacy practices can save your company a fortune in compliance costs. Remember, we are living in the age of GDPR penalties of up to 4% of annual global revenue, FTC $5 billion dollar fines, and $1.4 billion dollar breach costs. (And before you bring up the counterpoint of how Facebook and Experian can afford these hefty numbers, ask yourself this: can your company?)
Moreover, the traditional “stick” gets old fast, which is why we prefer diversifying our privacy toolbox with “carrots.” Beyond its baseline compliance function, privacy can also differentiate your company from its competitors, help you increase your bottomline, help you unlock the value of data, save you a fortune in enforcement and privacy incident response costs, and provide your company an opportunity to do right by your customers, users, employees, and partners.
Depending on your audience—your CEO, your Board, your product team, your marketing team, or your shareholders—the following points could help you make the case for privacy within your company.
1. Privacy is a competitive differentiator
Done right, privacy can be used as a competitive differentiator and can propel your company as a leader worthy of its customers’ and users’ data. We’ve seen this strategy deployed by Apple and Microsoft for years.
Even newer tech companies are starting to catch on. At last year’s TechCrunch Disrupt, Snap CEO, Evan Spiegel proclaimed Snapchat’s privacy advantage over Facebook while being interviewed on the main stage, “[I]f you look at Snapchat, the inventions that we create around ephemerality, around privacy, those have really motivated Facebook to dramatically change their product offering in order to compete.”
And let’s not forget the hottest product at this year’s Consumer Electronics Show (CES). You guessed right: privacy.
So why the sudden jump on the privacy bandwagon? Because similar to good privacy practices creating a competitive advantage, the other side of the same coin reveals bad privacy practices tarnishing your brand reputation.
Privacy Pro Tip: The “competitive advantage” argument for privacy generally resonates with leadership and strategy-minded audiences. Remember it the next time you’re stuck in the elevator with your CEO or brand strategists.
2. Privacy affects your bottomline
Talk to any company that is in the business of selling a product that processes personal data and you will hear a common observation: their customers are increasingly demanding privacy and are starting to make buying decisions based on it. This wasn’t always the case, particularly in the B2B context.
But with the rise of data privacy laws, companies’ responsibilities over their vendors’ data privacy and security practices have increased in turn. Leading up to the EU’s General Data Protection Regulation’s (GDPR) compliance deadline, companies underwent the painful ordeal of going back to many of their vendors and retroactively negotiating a Data Processing Agreement (DPA) to cover the required privacy and security obligations. The same was true, but to a lesser extent, for the California Consumer Privacy Act (CCPA).
While privacy agreements are not new (we’ve had them for Model Clauses and under HIPAA for years), their effect on a company’s bottomline have never been more clear. Cisco’s 2020 data privacy benchmark study found that 87% of companies last year experienced sales delays related to privacy, with an average delay of 3.9 weeks last year and 4.2 weeks this year. What we find most noteworthy is that these sales delays correlate to the maturity of a company’s privacy program: the less privacy you have in place, the longer the delays. And according to the same Cisco study, for every $1 an organization spends on privacy, they receive a $2.70 return on investment.
Privacy Pro Tip: You guessed right: Finance and Sales teams love hearing this point. They like to know that their company’s privacy investments make a financial difference.
3. Privacy helps unlock the value of data
It may sound counterintuitive, but good privacy practices can help your company unlock the value of data. And quite the value it holds. (We are now all familiar with The Economist’s proclamation of data as the world’s most valuable asset, surpassing oil.)
So how exactly does privacy help here? With appropriate privacy practices in place—such as transparent disclosures, solid legal bases for processing, and Privacy by Design—companies can proceed to innovate and unleash the value of data without facing the potential privacy backlash. This is particularly true when developing or deploying data-dependent technologies like machine learning or artificial intelligence (ML/AI) or data-reliant strategies like digital marketing.
Privacy Pro Tip: This case for privacy is popular with Data Science and Marketing teams. Use it next time you find yourself having to explain why you need to roll out certain GDPR or CCPA requirements before processing data.
4. Privacy provides a market opportunity to innovate
For those in the tech industry, privacy tech is on the rise. In the preceding months alone, we saw B2B privacy tech players, OneTrust raise a $200 million Series A round and BigID a $144 million Series C.
In the consumer context, there is an increasing number of privacy tech startups from founders who recognize existing privacy problems and see the opportunities behind them. Jumbo Privacy, for example, is a privacy assistant that empowers users to take control of their privacy and security.
And while technology is neutral, we haven’t always done a very good job at designing it for the good, or at least to protect our privacy. But this is changing, not just because of these emerging privacy tech startups. We’ve also seen Big Tech companies forced to recognize and prioritize their users’ privacy. As an illustration point, Google recently announced that it will phase out third party cookies on Chrome.
And even if your company isn’t in the tech industry, this opportunity to innovate could translate to new features or product offerings for your company. Any company that collects data from its customers and users has the unique opportunity to offer a solution to them to solve their privacy pains.
Privacy Pro Tip: This point resonates well with investors and engineering and product teams. It’s particularly helpful when having Privacy by Design and privacy engineering conversations with engineering and product teams.
“Privacy is rife for innovation. To take advantage of this opportunity, we need to diversify our privacy toolkit … provide more carrots, not sticks.”-Lourdes Turrecha, CEO, PIX LLC, 2019 NCSA Data Privacy Day Livestream
5. Privacy is the right thing to do
Even if your company can afford to set aside the money for privacy violations as a cost of doing business, recognize that we are also living in the age of—to quote HBO’s Silicon Valley and for lack of a better description—tethics.
Gone are the days of moving fast and breaking things or, more aptly in the privacy space, collecting all the data, all the time. Potential users, business customers, partners, and employees alike want to know that they’re engaging with a trustworthy company. Can your brand be trusted to do right by us with our data?
Privacy Pro Tip: Board Members, Corporate Social Responsibility (CSR), and Legal teams particularly appreciate ethics-based points like this. It could also work with any tethically inclined audience.
Next time you find yourself in a position to have to make the case for privacy within your company, we suggest diversifying your toolkit by making one of the above points, depending on your audience. If you have your own unique points for making the business case for privacy, we’d love to hear them. Please feel free to share them with us by sending us an email at socials(at)pix(dot)llc, by tweeting us at @PIX_LLC, or by commenting on this post.