Reducing data privacy risks by adopting a service-mentality
In today’s technology-driven world; privacy professionals – particularly in regulated industries – have a unique and difficult challenge. Data, of all sorts, is the basis for much of the economy today and data use is evolving as new technologies are continuously introduced to the market. It is more than daunting to determine the best approach for reducing data-exposure risks while maintaining a competitive market advantage. It’s a precarious balancing act. By taking a pro-active, service-oriented approach that provides perceived value to your business partners, you can increase your professional reputation and your influence within your organization. The plan is simple and easy to execute because it is developed and implemented in bite-size phases.
Phase 1 – Assessment:
Take time to assess so you can develop a plan that aligns with the business. If your organization has multiple lines of business, target a small, defined business group with which you have a trusted relationship and use them as a pilot group to define, “road-test” and refine your process. Starting with a small pilot is more affordable and takes fewer resources – so it is less demanding on your team and easier to justify the budget expense.
Total estimated time for assessment: 30 – 60 days
| Assessment steps | Resources/Strategic Partners |
Current social media or collaboration tool use:
|
Business partnersIT security
Internal Audit Legal Compliance HR Social Media/Collaboration Subject Matter experts (SMEs) |
Level of use
|
Business partnersSMEs |
Current security practices
|
Business partnersSMEs |
Current reporting practices
|
Business partnersInternal Audit
Legal Compliance SMEs |
User background
|
Business PartnersSMEs |
Process
|
Business partnersIT security
Internal Audit Legal Compliance HR SMEs |
Phase 2 – Pilot Planning and Execution: Once you have identified your pilot group and gathered assessment data; build your pilot plan based on priority rankings determined during your assessment phase. Address the highest identified risk areas first. Include components that address the people, process and technology.
Total estimated time for pilot: 90 days
| Pilot Planning | Resources/Strategic Partners |
People:
|
Training professionalsLegal
Compliance Audit SMEs |
Process:
|
Business partnersIT security
Internal Audit Legal Compliance HR SMEs |
Technology:
|
Business partnersIT security
Internal Audit Legal Compliance HR SMEs |
Phase 3 – Pilot Project De-brief and Pilot expansion: Once you complete your pilot group project, analyze the data and integrate the lessons learned – it’s time to expand the pilot to the next identified critical risk area on your list. Develop a comprehensive communication plan to share the results from the initial pilot with a broad audience within your organization. Make sure to include influential, well-respected individuals who will endorse your work, help you spread your message and garner executive support. Also make sure you give your pilot group plenty of public recognition for their participation.
By taking the approach of working with strategic partners who trust you – while simultaneously communicating early wins – you are better positioned to make a stronger business case for additional resources as you need them. As you expand your efforts and gain credibility, the momentum you generate will help you to silence detractors. In addition, publicizing the positive outcomes will attract the attention of other business areas that may then approach you directly for assistance. This is a side benefit that helps accelerate the adoption process for your project and quickly increases executive support for your efforts. And if your organization experiences data privacy challenges during this time – this pilot prepares you to manage the crisis in a professional and timely manner.
Photo by Meriç Dağlı