TRUSTe - Privacy by Design - Whitepaper

This whitepaper on Privacy by Design from TRUSTe speaks about the philosophy of incorporating a fundamental understanding of privacy issues into all initiatives in your organization and the benefit from establishing a centralized privacy function such as a Chief Privacy Officer (CPO).
Document Transcript

TRUSTe WHITEPAPER: Privacy by Design

TRUSTe Inc. | US: 1-888-878-7830 | EU: +44 (0) 203 626 0109 | www.truste.com
The Big Picture

In business today there is tremendous potential to leverage data to make better decisions and increase revenue and profits. Predictably, this leads to companies wanting to collect, analyze, and take advantage of the power of data to its fullest potential. However, when the nature of this data is personal and its ‘owners’ are your customers and clients, in the moment that you acquire it you assume a tremendous amount of responsibility and risk.

Your business and the way you use data is likely becoming more complex internally and more connected to others across the Cloud. The onus on you to protect all of this data in your care increases as the data chain itself grows longer and longer. You are responsible for making sure that third-party providers who are involved in this ever-lengthening chain have controls in place to protect the data entrusted to you. Simply put, if you don’t take measures to ensure its security, regulators will. And, regardless of whether regulators may be paying attention or not, the risk of your mishandling or misusing personally identifiable information (PII) in a way that will violate your customers’ or clients’ trust rests on your head every hour of every day. PII is a double-edged sword, and how you wield it makes all of the difference.

“Privacy by Design” is not the latest piece of software, or a two-day class that suddenly makes your organization impervious to damaging claims from outside. It is rather a philosophy that you and your organization’s most influential executives must understand, embrace and sponsor—even mandate—throughout every level of every division of your operation. Essentially it means incorporating a fundamental understanding of privacy issues into all initiatives in your organization at the seminal stages of their initial conceptualization.

The collecting and handling of PII must be brought to the forefront and forethought—not afterthought—of everything that you do. You must philosophically position privacy expertise as a key enabler for new business initiatives and remove it from a “wet blanket” mindset of a latecomer to the party preaching “no, you can’t do that.” Most organizations benefit from establishing a centralized privacy function such as a Chief Privacy Officer (CPO), and one way to effectively extend the reach of this office across the organization is to have privacy champions within functional groups who identify challenges and communicate them to the centralized function, which then develops solutions and addresses the inherent challenges. Adoption of this philosophy must happen from the top down so that implementation challenges can be solved from the inside out.

Self Assessment: Where Does Privacy Sit in Your Organization Today?

If your organization already has a fully empowered Chief Privacy Officer (CPO) and/or a Data Protection Officer (DPO) at the executive level, she or he may already have made inroads into establishing Privacy by Design pervasively across all of your departments. However, chances are that these two roles are not established in your company or institution. The majority of organizations still just “get by” on the privacy awareness front. These are the questions that you must be able to answer unambiguously in order to establish your own baseline for effecting Privacy by Design in the best way possible for your needs, and those of your customers or clients.
When and how was customer privacy as a function of policy first introduced into your organization?

If you are an executive or legal counsel for your business or institution and you cannot answer this question, it is not an exaggeration to consider your company at risk. Recent August 2012 Federal Trade Commission settlements involving Facebook and Google point to the fact that even the biggest and best-equipped brands are vulnerable when not paying sufficient attention to consumer privacy rights. The tangible fines and mandates for ongoing invasive audits—sometimes lasting a decade or more—are one aspect of this kind of bitter medicine. The other is the much less tangible, but patently real, cost of lost opportunity due to damage to your customer or client confidence.

If you already have officials in place, what was the context of their introduction and how is their authority positioned?

In so many cases, even when a CPO or other individual is hired, given an office, and instructed to “do the right thing” and “keep us proud,” he or she is not actually pragmatically empowered to make a difference in what happens with policies and systems day to day. The authority might have been granted “on paper,” but if the position or individual is seen only as an afterthought policing entity that is required on some process checklist—but not truly incorporated into the team—it is highly likely that even if the expertise is coming into play, it is not positioned as the business enabler that it actually is. If the “privacy police” are only invited to the table at the eleventh hour and problems arise only at that time, then you may not have any public exposure to risk in the end, but you’re likely going to see target schedules slipping and lots of things being reengineered to bring you into the safety zone of compliance.

That equals completely avoidable loss in productivity, which equals wasted hours and their associated costs. Furthermore, it creates a terribly flawed psychological dynamic of “these privacy requirements are the problem.” In fact, ignorance of the benefit of the customer trust that compliance engenders is the real problem. That is what Privacy by Design as a core philosophy makes it possible to avoid.

The Earlier the Better

It is likely that there are discussions going on even today in your marketing organization that involve the use of personally identifiable information (PII). If it is a new project or campaign kickoff meeting, Privacy by Design ideals will tell you that there should be someone around that table who is a specialist in PII and its relationship to consumer trust and customer loyalty. If you build in internal awareness of the power of privacy and the power of choice regarding all PII matters, then you will:

• Avoid the need to make changes or fix things at the eleventh hour
• Be able to leverage the story of putting customer rights and choice first for PR initiatives
• Reap the trust and loyalty benefits of improved customer confidence
Do’s and Don’ts—What are Best Practices?

You may already be aware of these core tenets of Privacy by Design. It is not rocket science. However, the rules and regulations imposed by external authorities are constantly in flux. You may already know that if your organization is exchanging PII data related to European branches or customers, your burdens of understanding and certification are more complex than if you focus solely on the US. You may not be aware yet, however, that the EU is modernizing its Data Protection Directive and moving toward instituting a regulation requiring the same policy for all the member states—instead of 27 different data laws. Under the proposed regulation, companies will be required to appoint a Data Protection Officer (DPO) who has a specifically mandated responsibility to ensure that companies comply with the regulation. Change is the norm, so:

DON’T

• Assume that as long as nobody steals PII off of your servers in the night that you’re safe.
• Wait until the last minute to run through a privacy checklist that you find somewhere on the internet before you launch a new product or marketing campaign.
• Expect marketing pros, product managers, and engineers to instinctively make the right choices about PII based on their standard education and experience.
• Rely on a snapshot of what it all means at a specific point in time and then assume that you know it all.

DO

• Hire a Chief Privacy Officer or empower another executive in your organization to serve in this capacity. Have her or him consult with TRUSTe or other privacy experts about Privacy by Design so that it can be properly evangelized throughout your ranks.
• Mandate from the top down that you believe Privacy by Design is a philosophy your entire organization must wholeheartedly embrace to build trust in order to survive and thrive in the modern business environment.
• Identify privacy champions in every functional group of your organization and educate them on the power of privacy and the power of choice under that umbrella.
• Nurture and reward those who embrace privacy as a business enabler every time they can demonstrate to you that your business is more successful because privacy is at the center of your vision and decision making.

TRUSTe Understands Privacy by Design

As a leading provider of data privacy solutions and certification services for 15 years, TRUSTe has become the partner that small and large enterprises alike rely on to assist them in designing and implementing comprehensive data privacy strategies. Privacy by Design is at the core of everything that TRUSTe does, and if you are ready to embrace this empowering philosophy and could use some help in implementing it in your organization, we are ready to support you on every critical axis.

To learn more, please visit truste.com/resources

US: 1-888-878-7830 | EU: +44 (0) 203 626 0109 | www.truste.com

© 2012 All Rights Reserved