The Three Most Important Privacy Intelligence (PQ) Success Factors for Organizations
Making changes inside of organizations is tough! Organizations develop a rhythm in how they operate and what they know, based on knowledge of their business and research of their markets and business intelligence. However, some organizations may choose to operate in “auto-pilot” mode while ignoring the tremendous operational changes necessary due to imminent Data Privacy challenges. As a result, these “auto-pilot” mode organizations are likely in for a rude awakening at best and a Data Privacy misstep that negatively impacts their revenue and reputation at worst. Just as organizations are starting to embrace the importance of EQ (Emotional Intelligence), organizations must cultivate and prioritize the development of PQ (Privacy Intelligence) at all levels of the organization. PQ is the ability for organizations to anticipate and act on external conditions in either regulation or technology that will internally affect an organization's way of doing business to thrive in the future. Organizations must develop PQ to succeed in managing the areas of responding to individuals' rights, using emerging technologies and leveraging the right expertise.
#1 Success Factor - PQ (Privacy Intelligence) and the rights of individuals
As organizations are doing business as usual, new data stakeholders are taking a new seat at their table. The new data stakeholders are individuals whose data an organization holds, and these individuals are gaining new rights through a rise in global regulations, which means organizations have to snap out of “auto-pilot” mode and assess the new obligations they owe to their new data shareholders.
An example will be organizations in the US that adjusted to the requirement in the California Consumer Privacy Act (CCPA) to facilitate the right of individuals to request data deletion, who now, as a result of the pending California Privacy Rights Act (CPRA) also have to facilitate data correction. The ability to find and delete data that organizations have about individuals is completely different and maybe operationally less complicated when trying to develop a capability for all individuals to see and correct data. Organizations cannot assume that the work they did to prepare for CCPA will also cover operational changes needed to comply with CPRA.
Organizations must now ask themselves new questions like:
Can I effectively communicate how I protect individuals’ data?
What new obligations do I have to be transparent with individuals about their data?
Does our organization have the processes, procedures, tools, and talent to deliver on our new Data Privacy obligations?
Saying yes to any of these questions without a rethink of your operational ability to execute in these areas may indicate that your organization has rising risks that are growing daily.
#2 Success Factor - PQ (Privacy Intelligence) and emerging technologies
As organizations try to embrace digital transformation and move into new and exciting directions with technology, they also need to be aware of the risk that replacing legacy technology with technology using emerging technologies poses. Sometimes a fingerprint reading time-keeping system or a facial recognition camera are not just interesting innovations based on an idea, but these things may turn into a Data Privacy nightmare for organizations who do not think about the ramifications of using technology that has features that collect more data then organizations may have ever imagined. There have been recent examples of emerging tech and privacy concerns, including Instagram using face scanning technologies to do age verifications, Ceridian fingerprint scan $3.5M class action lawsuit settlement, “Facial recognition cameras in UK retail chain challenged by privacy group” and the South African Reserve Bank (SARB) flags digital banking platforms as posing risks with emerging technologies that may be caught in Data Privacy entanglements with individuals and regulators due to the implementation of technologies that may be doing more than they should when infringing on the rights of data stakeholders.
Organizations must now ask themselves new questions like:
What data collection and retention capabilities does this emerging technology have that are new to our organization?
Are there regulations in jurisdictions where this technology is implemented that would negatively impact the organization?
Would the news of data uses of emerging technology damage our organization’s reputation if written about in the press?
#3 Success Factor - PQ (Privacy Intelligence) and the right expertise
Part of successfully facing Data Privacy challenges requires assembling the right talent to assist your organization. Just like organizations probably would not ask a doctor to write a legal brief, organizations need to find a way to face their technology issues by leveraging expertise internally or externally that can bridge the gaps in organizations between the legal requirements and the technical realities of organizations.
Organizations must now ask themselves new questions like:
Who are the people internal or external to the organization well positioned to anticipate or surface risks before it becomes a Data Privacy crisis for the organization?
Who are the people internal or external to the organization able to convey to individuals at all levels about not only Data Privacy risks but also establishing a culture of Privacy Intelligence (PQ)?
Who best, internal or external to the organization, can identify the Privacy Intelligence (PQ) gaps to be addressed in the organization?
Operations matter. Promises written in legal policies will not help organizations that cannot ensure their paper promises match their true actions. Data Privacy is a data issue that has legal ramifications, not a legal issue that has data ramifications. Once organizations lead with the data and figure out how they are using it, they can greatly reduce their risks, achieve success, and make Data Privacy a business advantage.