Speaker: Debbie Reynolds

Introducing the PACT Data Privacy Trust Framework and Scorecard (6 minutes)

Hello. My name is Debbie Reynolds. I'm the Founder, CEO, and Chief Data Privacy Officer of Debbie Reynolds Consulting. And I'd like to introduce the PACT Data Privacy Trust Framework and Scorecard. So I created this Framework and Scorecard as a way to help businesses assess quickly their data privacy maturity also look at privacy, not just from regulation but also as a business risk issue. And then having a way for organizations to be able to quickly score themselves so that they can communicate their Data Privacy risk and their maturity to C-Suite individuals, board members, investor groups, or anyone, even consumers, about their data and data rights. PACT is the Data Privacy Trust Framework and Scorecard. So I'll talk about the Framework, to begin with. So PACT stands for PURPOSE, ALIGNMENT, CONTEXT, and TRANSPARENCY. And I'll explain each of these parts of the Framework.

So first, we have PURPOSE. Regardless of what privacy regulation you're thinking about and also what consumers expect of individual organizations, they want to make sure that data collection that is occurring has personally identifiable information aligned with a PURPOSE for the data use and making sure that that is clear to individuals. So organizations that are using data of individuals, regardless of where they are, if they're aligning themselves with the PURPOSE of why this data is being collected, and that's clear, they'll be in a better position than other organizations that aren't doing the same thing. Then we go to ALIGNMENT. So you're aligning your data, PURPOSE, and collection, and that helps to build trust with the individual. So a lot of organizations, just because you're following the letter of the law, it doesn't mean that consumers will trust you. So part of that trust or building that trust is making sure that you're aligning the PURPOSE; you're doing an ALIGNMENT of your data collection.

So thinking through what you're collecting, thinking through why you're collecting it, and trying to figure out what's the best way forward with data so that you can build trust. Then we have CONTEXT. So CONTEXT really is trying to figure out why the data is being used. So a lot of organizations get into trouble in this situation because, let's say, for instance, they may collect data for one PURPOSE and decide within the organization that they want to re-PURPOSE that data for some other PURPOSE. And a lot of times, that creates a misalignment or a contextual problem for organizations, which typically leads to some other type of risk, whether it be a regulatory risk or also a trust risk. So we're seeing companies have to recalibrate and rethink through their data collection and data retention of information, and also the data uses as it is in CONTEXT.

So being able to check the CONTEXT will let organizations know whether they're in line with the fundamentals of data protection and Data Privacy or whether they're out of ALIGNMENT. And then finally, we have TRANSPARENCY. So TRANSPARENCY is basically what it sounds like. So making it clear what the PURPOSE is, and then also being able to share that. So you may be able to share your TRANSPARENCY in how you're doing things with consumers or individuals with shareholders, with stakeholders, anyone within organizations the need to understand—also just the public. So being able to do those types of four things will help organizations engender more trust. And also, it can help them guard against the risk, not only reputational risk, not only financial risk from regulators but then also the risk of having consumers want to go to other businesses because they trust them more than your organization.

Now, also this Framework comes with a Scorecard that really helps organizations rate themselves. So the Scorecard looks at people who are doing things in exceptional ways, above acceptable, minimal acceptable range, below acceptable, and unacceptable. So for each of the four PACT categories, organizations can rate themselves, and what ends up happening once organizations rate themselves, they have a Scorecard that they can share with any stakeholders or shareholders, and they can share with the public. They can share with investors and share with board members and C-suite people. And this really is a top-level indicator, maybe below the surface risk that organizations need to look at. And then also this can help organizations decide where are we weakest or where do we need the most help, and where do we need to start? So it's triage in a way. It's a gut check and a triage for organizations to be able to find out where they are on the spectrum in terms of Data Privacy trust and how they're dealing with data. So if you want to learn more about implementing the PACT Data Privacy Trust Framework and Scorecard, please contact us at www.debbiereynoldsconsulting.com/pact or email us at pact@debbiereynoldsconsulting.com. Thank you.