Data Privacy Journey

Written By Janelle Hsia

Creating a data privacy program is about responsible data practices not just ensuring you can check the right boxes. Most companies are seriously behind with their privacy program implementation. So instead of worrying about it, what steps can you take today that will move your company forward?

It really is simple, you must start to develop a culture that is concerned about how you treat other people’s data by doing the right thing. It starts with a commitment from the executive team. They must be transparent and accountable for their actions. They need to dedicate the right resources, both people and budget, to ensure the company is taking the privacy and security of other people’s data seriously.  

All companies are on a data privacy journey and will continue to be in the near future. With all the new privacy regulations both in the US and around the world, companies will be in a continuous evolutionary cycle for the near future. You can start now by changing how you handle other people’s data. Here are some good examples of how companies are making changes:

  • Hiring process: We used to collect erroneous data and now we only collect twenty (20) pieces of data to help us make a hiring decision. This has also helped us reduce discrimination and bias in our hiring.

  • Record retention: We never used to delete client data, and now after a contract ends, we properly notify the client and delete the data 90 days after final payment.

  • Data minimization: We did a full audit of our data and were able to consolidate all personally identifiable and sensitive data into just two systems. We are working towards an integration that will give individuals seamless, simultaneous access to both systems but right now it is a manual process to look that data up in both systems.

  • Consent: We are now taking consent very seriously. We updated our privacy policy, cookie policy, and ensure that all marketing and sales correspondence is utilizing opt-in. There is a higher return on our marketing dollars because we know that each person who receives our information WANTS it.

  • Training: We do regular privacy AND security training with our employees. This ensures that they can protect the data that we collect and process it with privacy in mind.

All of these examples are a huge progress. So, what is your story? Where is your company on the journey to responsible data management? Here are some suggestions that you can do right now: 

  • Understand your data, know its purpose to your business, know where it is coming from, where it is going, and all the stops it makes along the way.

  • Perform a gap analysis. You can’t fix something you don’t understand.

  • Prioritize and create a plan for how you will implement a comprehensive privacy program and make it realistic.

It might seem overwhelming but don’t make bad short-term decisions. What really matters is the change in attitude over how other people’s data is handled and understanding that you have a responsibility to ensure its safekeeping.

Janelle Hsia
Previous

Data is like Water
Next

Is your SMB at risk?