My career in Privacy actually started out in information security (we called it 'Information Protection' in my firm. Other employees who thought we were too zealous in our mission called it "Information Prevention," But that's another story). I made the leap from the e-commerce team where I was initially working to the InfoSec team primarily because the dot-com bubble had burst and there appeared to be limited possibilities in e-commerce. The other reason was that the InfoSec team was then a small group almost exclusively composed of talented guys who were incredibly technical, but lacked in networking skills (by design!). Their only ask was to keep doing exactly what they were doing: heads down coding, monitoring, testing and tinkering with technologies. What they did notwant to do was talk to people, especially other people who were not technical and could not grasp the importance of what they were doing – keeping the company safe and secure.
During my interview to join the team, I positioned my value proposition as this: I don’t possess the same level of technical ability as these guys on the team but I have a lot of soft skills that this team could benefit from. I could be the voice or face of Information Protection, and propagate the message, value and importance of security (and ultimately privacy), and the onus of employees to behave and act in the right way to protect the company just as much as the Info Sec team does. (We take this for granted today, but keep in mind that this is over 16 years ago and everyone just thought ‘Well, that’s the Security guys’ job! Not mine”).
So in addition to some InfoSec ‘lite’ duties I assumed, I took my primary responsibility to be ‘selling’ the benefits of data security within the organization. That is, ‘why is it a good thing’? What is the value to this organization to be able to tell a compelling story to clients of a prudent grasp of data security by allemployees – not just the InfoSec team?
I eventually evolved my role to be the Chief Privacy Officer of the company. More than ever, I kept with me the duty of ‘selling,’ now the 'product' of privacy, to the organization, and our clients. In some ways it was, and remains a bit more complicated of a sales pitch than security. Employees’ understanding has evolved to understand the need for security in an organization; Privacy, on the other hand, is a bit more nuanced of a pitch. It takes a little more finesse to tease out the benefits of privacy by design, for example, than say, the act of changing your password every 90 days does.
As I’ve written before, it is becoming thankfully much easier to get people to appreciate the intrinsic value of privacy in products and/or services. Privacy, I’ve always asserted, is different than vanilla data security; it’s special. It’s accessible. Since everyone now has either a LinkedIn profile, a Facebook page or both, or their kids have it, we are conscious of the benefits of privacy, and everyone cares about it, or is at least mindful of it. Everyone has a smartphone and everyone goes apoplectic if they think they’ve lost it – and the thought of everything in it. Not because the phone or the contents contained therein are not replaceable, but because it means that a little bit of their private space has been lost. And so the art of the sale’s pitch for privacy being baked into products or services is becoming easier.,It is by no means a slam dunk. It is difficult to think of the value of privacy in terms of an ROI, since it is difficult to quantify along the same lines. Yet, your customers know when it is not present, and they will take action accordingly.
So don’t be ashamed, sheepish or even contrite when acting as a 'sales person' for the privacy proposition your product or service promises and will deliver. What’s a great privacy sales pitch? How about the idea that people (i.e. your customers) value their privacy and they want the businesses they do business with to do so too. Consumers want to associate a brand with the notion of privacy, especially if an exchange of sensitive data is involved. At the heart of the matter, though, this is not simply a hollow pitch for a product or services that does not deliver on its promise. If fact, I’d argue that nothing else delivers more value - intrinsically - than by making the assertion, and then delivering what you are selling. (I think the FTC thinks the same way too!)
No comments:
Post a Comment