I once worked at a company where in addition to responsibilities for privacy, I also was in charge of records management. Though the discipline of records management and retention was interesting, I seem to recall that every night when I walked out the door, the thought of records never crossed my mind. (Nor any of my fellow employees' minds either, I’ll bet). Not that this responsibility wasn’t important, it’s just that the work never created any serious passion or enthusiasm in me.
Privacy, on the other hand, without overly romanticizing it, is an entirely different matter. I understand that it’s easy to feel no connection or relationship to some disciplines you deal with at work every day. You just do it in the office; you leave the office, and you leave those thoughts and concerns there as well. See you tomorrow, old job! Privacy, I always argue, is different. It’s special. It’s accessible. When you walk out of the door from work, you still carry your anxieties and thoughts about privacy with you. Since everyone now has either a LinkedIn profile, a Facebook page or both, or their kids have it, we are conscious of privacy, and everyone cares about it, or is at least mindful of it. Everyone has a smartphone and everyone goes apoplectic if they think they’ve lost it – and the thought of everything in it. Not because the phone or the contents contained therein are not replaceable, but because it means that a little bit of their private space has been lost, Or worse, maybe intruded upon.
I’ve always been somewhat grateful when I've had to create the training curriculum for privacy awareness courses because the concept is easy to convey to even the most non-technical user. Teaching someone about anti-money laundering concepts or risks of currency fluctuations or the benefits of dual authentication is a lot harder than teaching them that privacy matters to both the customer and to them. Why? Because they already get it! They deal with it all day every day outside of work already so they have a familiarity that makes them realize the urgency for your business that much easier.
The problem institutionally though is that privacy still largely serves as a compliance-related function in most organizations; a box to be checked. In many cases, the privacy team sits obscured in Legal or Information Security, even HR (!) and does not always get the visibility they need to provide the true value to an organization. Very data intensive and customer-facing businesses where data pays the bills, however, realize the worth of a strong privacy program. Their privacy teams are highly leveraged, CEO or Board-facing entities because those kinds of companies realize the strategic asset that is data today.
Data, and lots of it, has always been a by-product of most businesses. Historically, ‘data’ had been looked upon as just another company commodity to be managed or warehoused like an extra tractor or overruns from last season’s fashions. The confidentiality and privacy of the data was mostly an afterthought. Today, data is like a new natural resource for companies. Certain highly regulated industries like healthcare or financial services where privacy is almost a duty to the customer, however, know intuitively that properly using privacy can be a competitive advantage that, though intangible, is a brand differentiator. (See DuckDuckGo)
Building and maintaining the trust between company and customer is paramount for a long-term and profitable relationship, on both ends. Without the sense that a company will respect and protect the privacy of the data entrusted to it, the association between the two is simply a transaction; complete it, and move on. Companies don’t want that, and customers really don’t either.
People value their privacy and they want the businesses they do business with to do so too. Consumers want to associate a brand with the notion of privacy, especially if an exchange of sensitive data is involved. Do it right and customers will place that notion right in their hearts.