After more than five years of leading Red Hat’s Global Privacy Program and overseeing its creation, growth, and maturity, I know what it takes to cultivate a culture of trust. Our associates, customers, and others are confident that we take privacy seriously, their information is safe, and we’re doing the right things.
Here are a few universal truths and tips I’ve learned.
1. Recognize that everyone plays an important role in a privacy-first culture
Every staff member works with personal information in some capacity. Privacy compliance is strengthened when everyone is aware of how to identify personal information, does their part to keep it safe and secure, and knows where to go if they ever have questions or concerns. A sustained focus on training, enablement, and best practices is important – not just during annual compliance training activities.
2. Get creative – use the tools you have to make improvements
Privacy compliance is a fast-growing area. Good privacy tech is available to help companies meet their obligations. However, I’ve had great success leveraging existing tools and adapting them for privacy processes.
[ Also read Data privacy: 5 mistakes you are probably making. ]
For example, my team used an existing database of applications and assets to begin tracking privacy-specific information to improve our data processing records. We also recently launched a compliance tracking dashboard using systems already in use and widely adopted. If you already have something that does (or could) work, give that a try before looking outside.
3. Build strategic partnerships
Privacy is just one aspect of an enterprise compliance framework, albeit a very important one. Over the last few years, our privacy program has cultivated strong partnerships with Information Security, Legal, Product Security, Third-Party Risk Management, and Procurement. Taking a holistic approach to compliance and the work we do when assessing new initiatives helps ensure that nothing is missed and we are delivering even greater value to the company. Implementing this integrated model can be challenging, but the benefits are tremendous.
4. Recruit privacy champions and deputies
It’s important to have centralized management and governance to ensure that privacy best practices are followed and the framework is properly executed. However, embedding privacy in every organization (Finance, Sales, Engineering, Marketing, IT) helps scale the work of the Privacy program and drives greater awareness of how to follow sound privacy practices. It can also help with the adoption and enforcement of company rules, policies, and procedures. The compliance tracking dashboard we developed has a breakdown by organization. Each privacy champion can work with colleagues to address issues, close gaps, and improve compliance, further strengthening our compliance posture.
5. Make privacy a strategic imperative
Let's face it: Compliance work can often be seen as a nuisance or an impediment to moving fast. But reframing it as an opportunity to demonstrate to current and prospective customers that your company takes privacy seriously can be a competitive advantage and help win business – especially for companies subject to those obligations.
Having your house in order and affirmatively responding to inquiries about how your organization deals with privacy means you don’t have to scramble or get creative when those questions arise. If you take these steps, you will already be living in a privacy-first culture and positioned for greater success and keeping the trust of internal and external stakeholders.
Organizations at every level of privacy maturity can use these to enhance their privacy compliance strategy. Each vector of the “people, process, technology” triple constraint is addressed, leading to a more holistic approach to being a privacy-centric organization. It doesn’t happen overnight, so I encourage you to enjoy the journey.
[ Leading CIOs are reimagining the nature of work while strengthening organizational resilience. Learn 4 key digital transformation leadership priorities in a new report from Harvard Business Review Analytic Services. ]