20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx

•Download as PPTX, PDF•

0 likes•8 views

This presentation, delivered at the AIIM23 conference in New Orleans on April 26, 2023, described how to leverage good privacy practices, including data minimization, to build customer trust.

Business

How to Leverage Privacy Practices
to Build Customer Trust
Jesse Wilkins, CIPP/US, CIPM, IGP, CRM, ICE-CCP
President and Principal Consultant
April 26, 2023

Agenda
The Age
of Privacy
Elements
of a
Privacy
Program
The
Privacy
Policy
Purpose
and
Privacy
Building
Customer
Trust

The Age of Privacy
• 137 countries have privacy and data protection laws in place
• U.S. is late to the party!
• 6 states have passed comprehensive privacy and data protection laws
• Indiana, Montana, Oklahoma, Tennessee, and New Hampshire poised to pass
• Some include individual rights to action – i.e. customers can sue

Customers and the Age of Privacy
• Organizations with more mature privacy practices are getting higher
business benefits than average
• 93% of organizations are reporting privacy metrics to their Boards
• 90% of organizations surveyed said their customers will not buy from them if
they are not clear about data practices and protection
• 76% of companies that invest in a robust privacy program see increased
loyalty and trust from their customers
Source: Cisco 2021 Data Privacy Benchmark Study
https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-privacy-benchmark-
study-2021.pdf

Customers and the Age of Privacy
• Customers don’t care about the nuances of, e.g., CCPA.
• Customers don’t care about fines.
• Customers care that you safeguard their information.
• Customers care that you use their information appropriately.
• For the reason you collected it for -
• And no other reason.

Elements of a Privacy Program
• Understanding of the regulatory environment and risks
• Understanding of corporate culture and tolerance for risk
• Privacy team
• Inventory of systems and information
• Personal or sensitive information
• High-impact systems
• Third-party systems
• Data mapping
• Systems & information inventories

Elements of a Privacy Program
• Policies & procedures
• Privacy policy and notices
• DPIA
• DSAR response
• Breach response
• Controls
• Access controls including need to know
• Reporting and metrics
• Employee awareness and training
• Annual assessment

A Customer-Centric Privacy Policy
• Easy to find on the website or app.
• Jargon-free: Let them know their data is safe.
• Transparent: Tell them what you collect and how you will use it.
• Opt-out clause – again, easy to find.

Retention and Privacy
• Retention and disposition started as
facilities management
• Then came to deal with corporate
malfeasance
• Then we tried Big Bucket Theory™
• In the age of privacy, retention needs
to be more granular
• Data minimization should be the
default

Every single field
except City is
required.
What are they
planning on
mailing to me?

Retention Based on Purpose
• What is the retention period for personal information?
• It depends….

Building Customer Trust – A Checklist
• What personal data are you collecting?
• Do you need to collect all of that?
• Why are you collecting it?
• Who are you sharing it with?
• Who are they sharing it with?
• What (else) are you using it for?
• How do you protect it?
• How long do you keep it?
• Would you trust the way you handle
your data?

About the Speaker
• Jesse Wilkins, CIPP/US, CIPM, IGP,
CRM/CIGO, edp, ICE-CCP
• President and Principal Consultant,
Athro Consulting
• More than 25 years experience in
information management
• Internationally-known speaker, trainer,
and writer
• AIIM Fellow #223
• IG Hall of Honor #5

For More
Information
Jesse Wilkins, CIPP/US, CIPM, IGP, CRM-CIGO, edp, ICE-CCP
Principal Consultant, Athro Consulting
https://www.athroconsulting.com
jesse.wilkins@athroconsulting.com
Twitter: @jessewilkins
LinkedIn:
https://www.linkedin.com/in/jessewilkins

Similar to 20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx

Festival of Marketing

Rachel Aldighieri

20240425 ARMA Milwaukee Records Mgmt in the Age of Privacy.pptx

Jesse Wilkins

CCPA is in full effect and - as of July 1, 2020 - is being fully enforced. The “wait and see” game is officially over and organizations must be fully compliant in order to avoid regulatory fines and negative publicity. There are many requirements set forth by the CCPA, and building a strong compliance plan can be daunting. Not only does the compliance plan need to be set-up for future growth and changes, but it also needs the flexibility to produce on-demand, customized reports to provide to stakeholders. TrustArc has helped organizations of all sizes and maturity with CCPA compliance from simple assessments to full automation. Investing time upfront to perform the proper analysis and planning is key to feeling confident that your CCPA compliance program will efficiently and effectively mitigate risk while meeting business objectives. Join this webinar to see how TrustArc CCPA solutions help organizations of all sizes and maturity achieve and maintain compliance. This webinar will review: -Stages of CCPA program maturity -TrustArc CCPA solutions for every stage of compliance

CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions

TrustArc

2016 ISACA NACACS - Audit Privacy Considerations

Nathan Anderson

Internet security and privacy issues

JagdeepSingh394

Watch the webinar on-demand: https://info.trustarc.com/building-pia-dpia-program-webinar.html DPIA/PIA guidance, tips for success and case studies from the field. The GDPR mandates Privacy by Design and requires documented Data Protection Impact Assessments (DPIAs) for high risk processing. How can you build this into a sustainable program across your business? Having a good understanding of what DPIA/PIAs are and how to implement them can be the key to embedding privacy in the heart of your organization as well as achieving GDPR compliance. Watch this webinar on-demand to: - Hear PIA best practices - Review GDPR compliance requirements - Receive a range of tips and tools to help streamline and embed the process - Hear how Volvo Financial Services has approached assessments across their organization To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/

Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]

TrustArc

Global Data Privacy Regulation

Jatin Kochhar

Most of the attention around Analytics goes to the results of the Analytics activity - a better customer profile, a new target market, more efficient product design. What about the process and infrastructure that is needed to get the data to the point in which it is useful to the Analytics community? This presentation addresses the less glamorous, but critically important side of Analytics: the people, process and technology infrastructure that enable an analytics-driven organization. The presentation will cover these questions: • How do you align your information assets to your Analytics goals? What data do you need and where do you find it? • What are the organizational constructs that need to be considered to integrate Data Governance and Analytics? • What organizational change can be anticipated and how should it be addressed? • How do you design your data management and data governance programs to support Analytics? How is this different than an operational use case? This slide deck is drawn from a tutorial presented jointly with Samra Sulaiman of ConsultData at Enterprise Dataversity 2015.

Enabling an Analytics-Driven Organization

First San Francisco Partners

Talk presented at USEC 2014. Smartphone app developers have to make many privacy-related decisions about what data to collect about end-users, and how that data is used. We explore how app developers make decisions about privacy and security. Additionally, we examine whether any privacy and security behaviors are related to characteristics of the app development companies. We conduct a series of interviews with 13 app developers to obtain rich qualitative information about privacy and security decision-making. We use an online survey of 228 app developers to quantify behaviors and test our hypotheses about the relationship between privacy and security behaviors and company characteristics. We find that smaller companies are less likely to demonstrate positive privacy and security behaviors. Additionally, although third-party tools for ads and analytics are pervasive, developers aren’t aware of the data collected by these tools. We suggest tools and opportunities to reduce the barriers for app developers to implement privacy and security best practices.

The Privacy and Security Behaviors of Smartphone, at USEC 2014

Jason Hong

Do you ever wonder how data-driven organizations fuel analytics, improve customer experience, and accelerate business productivity? They are successful by governing and mastering data effectively so they can get trusted data to those who need it faster. Efficient data discovery, mastering and democratization is critical for swiftly linking accurate data with business consumers. When business teams can quickly and easily locate, interpret, trust, and apply data assets to support sound business judgment, it takes less time to see value. Join data mastering and data governance experts from Informatica—plus a real-world organization empowering trusted data for analytics—for a lively panel discussion. You’ll hear more about how a single cloud-native approach can help global businesses in any economy create more value—faster, more reliably, and with more confidence—by making data management and governance easier to implement.

Data at the Speed of Business with Data Mastering and Governance

DATAVERSITY

Today, growing an organization through Mergers & Acquisitions (M&A) has become a popular business practice. This can lead to great success but it can also cause a potential liability to the acquirer if global data privacy laws and regulations are not considered during the acquisition. Businesses that adopt this strategy need to be aware of how to handle the data involved in the acquisitions. Between new and evolving data privacy laws, an increased focus on regulators, and increased liability on the acquirer, incorporating data privacy practices is necessary for the M&A transaction process.

Data Privacy: The Hidden Beast within Mergers & Acquisitions

TrustArc

Business initiatives across industries are applying more data than ever to drive analytics and AI in the quest for new competitive insights. As the volume and variety of data gathered by organizations continues to escalate, both on-premises and in the cloud, traditional methods of Data Quality are transforming to meet this Big Data challenge. This webinar looks at these emerging trends in Data Quality to address Data Governance, entity resolution at scale, AI and machine learning, and establishing Data Quality as a core tenet of data literacy.

Emerging Data Quality Trends for Governing and Analyzing Big Data

DATAVERSITY

Business initiatives across industries are applying more data than ever to drive analytics and AI in the quest for new competitive insights. As the volume and variety of data gathered by organizations continues to escalate, both on-premises and in the cloud, traditional methods of data quality are transforming to meet this Big Data challenge. View this Dataversity-sponsored webinar on-demand as we look at these emerging trends in data quality to address data governance, entity resolution at scale, AI and machine learning, and establishing data quality as a core tenet of data literacy.

Emerging Data Quality Trends for Governing and Analyzing Big Data

Precisely

Data protection: Steps Organisations can take to ensure compliance

EquiGov Institute

One North’s Managing Director of Technology Ryan Horner and legal process and technology consultant Bob Beach share details on how the EU’s General Data Protection Regulation (GDPR) could impact digital assets. This webinar is designed to educate digital marketers, share actionable examples, and provide an overview of how One North can help clients ensure their digital properties are in compliance with the regulation and execute on those efforts. Beyond GDPR compliance, the session will also highlight important information for marketers as data privacy continues to become a critical and strategic component of digital. Access the recording: https://youtu.be/ruQpN70LGt0

#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers

One North

Over the past few months, we’ve seen employees quit in record numbers. While there are many reasons for “The Great Resignation”, a standout is employee trust. A study from Gallup suggests that only one in three employees strongly agree that they trust the leadership of their organization. Employees want to trust the companies they work at and the people they work with. They want to feel comfortable coming to HR with their complaints and concerns. But building trust takes time, and effort. As organizations are planning their post-pandemic strategies, now is a perfect time to place an intentional emphasis on building trust.

5 Ways to Build Employee Trust for Less Turnover and Fewer Incidents

Case IQ

Enterprise search, once a hot topic, now faces new challenges with the adoption of hybrid and cloud environments. In SharePoint and Office 365, search isn’t equal, and before jumping on the Office 365 band wagon, organizations need to know as much as they can about potential challenges and pitfalls. Even in a SharePoint stand-alone environment, the consumption of content is forcing a renewed look at security, information lifecycle management, and non-compliance. Join us on Tuesday, October 28th, at 11:30am – 12:30pm EDT for this webinar packed with information on how to address search issues in SharePoint stand-alone, Office 365 hybrid, or cloud-only environments. If you’re not sure how you would answer any of the below questions below, then this webinar is for you:. • Does an enterprise search engine that provides the same transparency both on-premise and in the cloud matter to you? Does it matter to your users? • With the huge push for Office 365, is enterprise search getting lost? • Will the announcement of Delve push you over the edge in adopting Office 365? Why? • What about managing content in the cloud? Do you have any reservations about security,or records, and what your users are doing in the cloud? (Bet you’ll be surprised.) • What about migration? What goes where? • How will you know what’s on your users’ OneDrives? Is DLP enough? • Is your SharePoint search good enough? Have you calculated the ROI you can gain by improving it? • How are you going to manage the ever increasing consumption of organizational content?

Change Your Search to Find – SharePoint and Office 365 Webinar

Concept Searching, Inc

Lendsum

Smartfolios

Data is one of your business’s most valuable assets and requires protection like any other asset. How can you protect your data from unauthorized access or inadvertent disclosure? An information security program is designed to protect the confidentiality, integrity, and availability of your company’s data and information technology assets. Federal, state, or international law may also require your business to have an information security program in place. This webinar will provide the basics of how to create and implement an information security program, beginning with identifying your incident response team, putting applicable insurance policies into place, and closing any gaps in the security of your data. To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/how-to-build-and-implement-your-companys-information-security-program-2021/

How to Build and Implement your Company's Information Security Program

Financial Poise

Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm

Ethisphere

Similar to 20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx (20)