Privacy and Security Starts With the C-Suite and a Deep Bench of Experts
This article was written by APCO alumna Kelsey Harclerode.
We may not be able to agree on the song of the summer, but we should be able agree that consumer privacy and data security are among some of the most important issues facing C-Suite leaders across the globe. According to IBM’s Institute for Business Value, 81 percent of consumers say that in the past year, they’ve become more concerned with how companies are using their data. The IBM survey also found that the vast majority of consumers think companies should be clearer about how their products use data and agree that companies should be more heavily regulated on data management practices. And just like the technology itself, consumer expectations around privacy and security will evolve over the next few years. But they certainly aren’t going away anytime soon. In fact, these expectations will likely become more stringent and vocal with each passing year.
As executives grapple with growing consumer expectations and new regulatory regimes, standout companies will embrace these changing dynamics instead of hiding from them. But truly adopting values of protecting consumer privacy and baking in security measures by design requires the C-suite reaching outside the standard chorus of voices, gaining insight from diverse perspectives.
There is a deep bench of privacy and security experts that have been working on these issues for years (and decades) before the general public caught on. These experts span disciplines, continents and perspectives, and there is a strong likelihood that one of these experts has a creative solution to a privacy risk that your company’s in-house counsel identified last week. These are the voices that the C-suite should rely on as they build their vision and values surrounding privacy and security strategies.
Luckily, C-Suite leaders can hear these voices in several different ways—many of them have published their recommendations for free online or regularly attend industry conferences (if you’re located around D.C., the FTC’s annual PrivacyCon is a great resource for cutting-edge approaches). C-suite leaders can even go one step further and recruit these voices to work in-house or consult as part of an advisory council.
Many privacy issues are highly technical and complex, with layers of nuanced sub-issues that deserve consideration by a diverse pool of dedicated experts. This is particularly true when considering the wide-ranging impact that companies’ privacy and security decisions can have, especially on marginalized communities—like the victims of domestic violence that are terrorized by IoT devices or LGTBQ users of queer-oriented dating platforms that face harassment and exposure due to poor platform design choices. By integrating diverse perspectives, empowering employees and rewarding risk-taking, C-suite leaders can foster a forward-looking approach to learn, adapt and prepare for various privacy and security risks.
However, even a well thought out approach can fail if relevant stakeholders are unaware of its existence. C-suite leaders must therefore clearly communicate the company’s vision and values towards privacy and security-related matters, and make sure that the person in charge of these issues—e.g., chief privacy officer or chief information security officer—is visible and accessible.
To be agile, C-suite leaders must actively lead by staying ahead—seeking risk intelligence, applying predicative analysis and actively listening to what stakeholders, including privacy and security experts, are saying. Without an in-house expert, qualified consultant, or external council to advise on these issues, companies not only put their bottom lines at risk, they put their users at risk.