BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Data Privacy As A Basic Human Right

Forbes Technology Council
POST WRITTEN BY
Tony Raval

In the last decade, an international trend has emerged: data privacy. The protection of data is progressively being thought about as a basic human right, with governments worldwide actively pursuing regulation to protect their constituents. GDPR and CCPA are only the beginning. Data privacy will soon be a human right around the world. California, India, Singapore and Japan have led the way, with other countries actively pursuing the idea. This makes data privacy a necessity -- and most likely a law soon -- for any company handling personal data.

As I have said in many previous articles, trust is the key to our continued success in this digital world.

In my opinion, companies that establish trust upfront will close more deals, drive long-term revenue growth, establish loyal customers and ultimately prosper in this ever-changing digital world. Consumers and companies alike want to be treated fairly when it comes to their data. This is why companies that build and establish trust with PII are way more likely to succeed and survive in the long term. Brace yourselves because the road is long. Regulators and law enforcement are now enforcing data privacy requirements more than ever.

Let’s talk about some basic insights that might provide clarity for a task that is so monumental and tedious that it seems, for lack of a better word, overwhelming.

Focus On Communication

Effective communication and execution are mandatory. My first piece of advice goes to the CEOs. Is your executive team making the most of their time? Or, are they doing the same thing over and over when it comes to client interaction?

The CTOs, CIOs, CPOs and CDOs of the world really need to talk to the teams connecting with end clients. These are the technical gurus of your company -- the gatekeepers of privacy regulation. Have them spend active and deliberate time with customer service reps, sales teams, inbound call leads and your legal team. Collaborate and educate your technical teams, security teams, advisors, vendors and clients more than just quarterly.

Knowledge is power. Get the information that your clients need from the get-go about your privacy policies, even if they don’t ask for it. Build that trust and respect from the beginning of the sales funnel.

Diligence Is Key

Are you familiar with the term “onward transfer”? Privacy Shield defines it as “the Accountability for Onward Transfer Principle provides that a contract is required when personal data received under the Privacy Shield is transferred either to a third party acting as a controller or to a third party acting as an agent.”

This means you are responsible for the data you are providing to your clients, even though you may not have sourced it or it may not have been part of your in-house data. You are liable for the source of that data. Be diligent in vetting your data sources, and ensure that they are in full compliance with regulations.

Is Your Data Ethically Sourced?

And for my third and final take-home point, I would like to use an analogy I hope will resonate with you as we look forward into data privacy and regulation. Customers in the diamond industry often ask, “Was this diamond ethically sourced?” So, I ask you to consider this question when it involves PII: “Is this data ethically sourced, and can we track the transfer and storage compliance of its journey?”

Just like a diamond will travel in its journey around the world to the end client, so will the data that is so crucial to your business. If you ask my wife about her diamonds and their origins, she will, with confidence, provide ethically sourced TRACR documents and certificates of authenticity. What if we can implement a similar road map for data?

Here are some questions you can ask in assessing your data:

• What is the data’s grade? How many and what type of fields of data are stored in that file? This may include names, addresses, phone numbers, behavior data, social media data, etc. Assign a grade value to the data. The more robust the data, the higher the grade.

• Where was the data originally sourced? Was it a private source, a public source or an official government source? Where is the birthplace of the data?

• Was onward transfer accounted for? Was it handled by multiple vendors and brokers before it got to you? Who are these intermediaries, and what are their compliance policies? Can you be sure you trust their due diligence?

• Is the data genuine and opted into according to regulation? Does every line of data in the spreadsheet correlate to an authentic entity or person? Is it fake or fuzzy data? Is it a bot?

• Is the data stored properly in accordance with the laws of the data’s current residence? This storage includes the databases, infrastructure, clouds, metadata management platforms, cloud access security brokers and the other systems in place at your own company or another company handling this data.

Changing The Way We Deal With Data

We need to create a process that will forever change the way we work with data from the source to the end client. This effort will require:

  • Thoughtful, intelligent methods.
  • Proper management of third parties.
  • Effective, deliberate and continuous communication with all teams involved.
  • Implementation of creative thought leadership.

Place importance on the accountability, traceability and due diligence of this precious commodity. Keeping track of all these aspects of privacy compliance is enormous. Encourage your CTOs, CIOs, CPOs and CDOs to be the visionaries who will create the plans that help your company excel past the upcoming laws and regulations surrounding data privacy. Your customers will thank you.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?