Make it a Win-Win Proposition
What is an effective way to convince business leaders, organizations, and government agencies to treat people’s private data with the highest level of care? I start by asking myself, “How do I make this important to them?” In most cases I don’t have the authority to make anyone do anything. The problem is that whenever you have to order someone to do something they will do it because they are required to by law/ regulation/company policy, but they’re not going to be happy about it, and it is unlikely to change their behavior long-term. So, I try to meet with them, try to explain why it is in their best interest, in client’s best interest, in employees’ best interest. Especially when I’m speaking to business leaders it’s very, very important to make it about positive sum, not zero sum, and make it a win-win proposition.
It’s has to be a win for both the organization and the clients/customers that they’re serving. It’s has to be a win for both parties. When you can present it that way, it gives you a seat at the table-hopefully. I do understand that you cannot win over everyone-but you should try. “You don’t say ‘no’ to “the ask.” You say ‘yes’ to “the ask”, and ‘Here are the privacy and security protective measures that I insist you put on the data.’ You need to go into the conversation with an “and” instead of a “versus.” It’s not me versus your interests. It’s my interests in security and privacy and your interests in the business, whatever you’re doing. For example, in the world of, zero sum paradigms you have one interest versus another. You can only have security at the expense of privacy. In my world, that doesn’t cut it.
There’s no point in just having public safety without privacy
My paradigm shift started when I met Dr. Ann Cavoukian, who is recognized as one of the world’s leading privacy experts. I became a Privacy by Design (PbD) Ambassador in October 2011 and named to the Global Privacy and Security by Design (GPS by Design)-International Council in February 2017 both under her.
She crystallized Privacy by Design really after 9/11, because at 9/11 it became crystal clear that everybody was talking about the vital need for public safety and security. But it was always construed as at the expense of privacy, so if you have to give up your privacy, so be it. Public safety’s more important. Well, of course public safety is extremely important! She did a position piece at that point for the Canadian local national newspaper “The Globe and Mail,” and the position she took was public safety is paramount with privacy embedded into the process. You have to have both. There’s no point in just having public safety without privacy. Privacy forms the basis of our freedoms. This internal paradigm shift has brought my interactions to a higher-level of efficiency in privacy and security.
When speaking to persons regarding data it’s important to be aware of what data security and privacy laws are ruling the data. For example, in the United States those who create the data own the data. That is vastly deferent than the European Union (EU). In the EU you may have custody and control over a lot of data, your customer’s data, but you don’t own that data. Also, with that custody and control comes an enormous duty of care. You have to protect that data, restrict your use of the data to what you’ve identified to the customer. And then if you want to use it for additional purposes, you’ve have to go back to the customer and get their consent for secondary uses of the data. Now, that rarely happens, and I know that.
In Privacy by Design (PbD), one of the principles talks about privacy as the default setting. The reason you want privacy to be the default setting-what that means is if a company has privacy as the default setting-it means that they can say to their customers, “We can give you privacy assurance from the get-go. We’re collecting your information for this purpose,” so they identify the purpose of the data collection. “We’re only going use it for that purpose, and unless you give us specific consent to use it for additional purposes, the default is we won’t be able to use it for anything else.” It’s a model of positive consent, it gives privacy assurance, and it gives enormous, enormous trust and consumer confidence in terms of companies that do this. I tell business owners “Do this, because it’ll give you a competitive advantage over the other guys.”
In the recent years we have seen the growing sentiment that people want control of their personal data. Many studies have shown that somewhere near 90 percent of the public don’t trust the government or businesses or anyone. They want privacy and they don’t have it! Today we see the highest level of distrust on the part of the public and the lowest levels of consumer confidence. So, how do companies change that? I support and advocate that, companies change that by telling their customers that they will give them their privacy. They don’t even have to ask for it. The company is embedding it as the default setting which means it is the default setting. Ask anyone on the street, “Would you like to have privacy’s as the default, and for free?” They will say “YES” time and time again.
Join the paradigm shift. Make it a positive sum, not a zero sum. Make it a win-win proposition.