3 ways to stop privacy from becoming a roadblock to innovation

Here’s a secret – when privacy professionals get together, they talk about how to prevent privacy from being the “office of no.”

It is a reasonable concern. If a portion of the privacy role in an organization is to reduce risk, it can be easy to conclude that a “no” answer is the surest path to accomplishing that goal. However, today’s privacy professional has a second but equally important role – to free the power of personal data to fuel innovation and the business goals that innovation drives.

The tension, though, is how to do so in an ethical and compliant manner – keeping risk low. Especially when considering new and uncertain technologies and initiatives, like AI tools and projects, the famous combination of Fear, Uncertainty, and Doubt – affectionately known as FUD – can push organizations away from innovation and into a risk-avoidance coma.

This does not have to be the case.

Consider motorcycle riding. Of course, the safest, most risk-avoidant strategy would be to never leave the house, much less hop on a motorcycle to enjoy the open road. But if someone loves motorcycle riding and feels like something important would be missing in life without it, a “no” answer is just not an option.

Instead, that person can take sensible measures, like wearing a helmet and other protective gear, keeping to a reasonable speed, watching other drivers carefully, and riding when or where there is less traffic. In other words, a “no” answer is not an option. Rather, the answer is “yes, and…, “ followed by reasonable precautions and safeguards.

So, what are ways to keep to an acceptable level of risk, maintain ethical standards and compliance, and still lean into innovation? How can privacy become an enabler rather than a limiter?

The answer might be simple – Clarity, Collaboration, and Culture.

Clarity

The most problematic roadblock for many organizations is a lack of clarity – about the data they hold and what permissions apply, and what kind of company they want to be in the privacy space. Specifically, and conversely, organizations that deeply understand what data they have, and to which data uses and sharing data subjects have consented, will have the most confidence in and flexibility for using the data.

This granular knowledge also helps future-proof an organization’s data use strategy by building in clarity so that adjustments for new laws or business activities are easy. For most organizations with any type of data volume or complexity, Privacy Enabling Technology and/or a consent management platform can elevate knowledge and reduce burden.

Also, an organization that works out in advance its stance on privacy – what it will do related to personal data, and what it will not do – gives itself clarity in the form of a privacy True North. This ethical compass can shortcut endless conversations that go beyond basic compliance and give the organization a template against which they can lay privacy decisions to quickly get to an answer. Good clarity about data and organizational privacy ethical intentions can help speed up and focus innovation and take the privacy office out of the ‘no’ position.

Practical tips for gaining Clarity:

• Establish a privacy ‘True North’ statement that describes what the organization will, and will not, do related to personal data.
• Consider how Privacy Enabling Technology and/or a Consent Management Tool can help identify the data the company holds and establishes clear rules for consents and preferences that apply to all data.
• Technology can also help provide the right access to data to different departments, such as marketing. At a minimum, ensure that the organization deeply understands what rights and responsibilities it has for each data field it controls/processes.

Collaboration

Given that privacy is a team sport, most privacy offices either work with or have represented within the team colleagues from multiple functional and business areas. Collaboration with other business areas helps the privacy team to better understand business pressures, implement appropriate controls, and raise awareness across the organization. This knowledge helps the privacy office react more quickly and even anticipate requests – and conversely helps other areas of the business develop a sensitivity to sound privacy practices.

Privacy by design requires collaboration with product development, user experience, marketing, and other teams. Data sensitive practices, like anonymization/de-identification/pseudonymization require expertise and action from other groups. Staying ahead of legislative and marketplace changes requires insights from Legal, Government Affairs, and Operations colleagues. In other words, collaboration is key to making sure that privacy is never a roadblock and always a partner in accomplishing goals (in a privacy sensitive, compliant, ethical way) – while appropriately sharing the work across the organization.

Practical tips for Collaboration

• Involve other teams to keep abreast of regulatory, business, and marketplace changes.
• Consider how other teams can help accomplish privacy actions, like aggregation/de-identification, security reviews, individual rights processing, preference management, privacy by design.
• Regularly stay connected with business and functional groups to cover top of mind topics – which both exchanges information, educates, and helps align privacy with business goals and pressures.

Culture

Culture is one of the most critical success factors for privacy but also the hardest to define and shift. A privacy sensitive mindset for all employees (and vendors) will help make sure that tasks get prioritized, issues get escalated, and all groups take responsibility for data protection. A “privacy as an enabler” mindset of the privacy team can go a long way to help establish the trust and partnership needed for a healthy privacy culture.

Practical tips for culture:

• Encourage the right tone from executives and establish Key Performance Indicators (KPI) related to privacy for all relevant business areas. After all, we behave as we are rewarded.
• Frequent, non-emergency, “privacy as an enabler” interactions with business areas will help build the trust needed to handle crises later.
• Rely on other teams that might have the best knowledge/skills to accomplish privacy activities. Good privacy really does take a village.

When an organization has established a privacy culture, diversifies privacy conversations and responsibilities across multiple roles, and uses technology to deeply understand and manage granularity in its consents and preferences, privacy can become a proactive partner rather than a roadblock. It can be hard, messy, and a winding road to travel, but these tips can help privacy be an enabler to business goals without sacrificing ethics and compliance.