20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx

•Download as PPTX, PDF•

0 likes•8 views

This presentation, delivered at the AIIM23 conference in New Orleans on April 26, 2023, described how to leverage good privacy practices, including data minimization, to build customer trust.

How to Leverage Privacy Practices
to Build Customer Trust
Jesse Wilkins, CIPP/US, CIPM, IGP, CRM, ICE-CCP
President and Principal Consultant
April 26, 2023

Agenda
The Age
of Privacy
Elements
of a
Privacy
Program
The
Privacy
Policy
Purpose
and
Privacy
Building
Customer
Trust

The Age of Privacy
• 137 countries have privacy and data protection laws in place
• U.S. is late to the party!
• 6 states have passed comprehensive privacy and data protection laws
• Indiana, Montana, Oklahoma, Tennessee, and New Hampshire poised to pass
• Some include individual rights to action – i.e. customers can sue

Customers and the Age of Privacy
• Organizations with more mature privacy practices are getting higher
business benefits than average
• 93% of organizations are reporting privacy metrics to their Boards
• 90% of organizations surveyed said their customers will not buy from them if
they are not clear about data practices and protection
• 76% of companies that invest in a robust privacy program see increased
loyalty and trust from their customers
Source: Cisco 2021 Data Privacy Benchmark Study
https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-privacy-benchmark-
study-2021.pdf

Customers and the Age of Privacy
• Customers don’t care about the nuances of, e.g., CCPA.
• Customers don’t care about fines.
• Customers care that you safeguard their information.
• Customers care that you use their information appropriately.
• For the reason you collected it for -
• And no other reason.

Elements of a Privacy Program
• Understanding of the regulatory environment and risks
• Understanding of corporate culture and tolerance for risk
• Privacy team
• Inventory of systems and information
• Personal or sensitive information
• High-impact systems
• Third-party systems
• Data mapping
• Systems & information inventories

Elements of a Privacy Program
• Policies & procedures
• Privacy policy and notices
• DPIA
• DSAR response
• Breach response
• Controls
• Access controls including need to know
• Reporting and metrics
• Employee awareness and training
• Annual assessment

A Customer-Centric Privacy Policy
• Easy to find on the website or app.
• Jargon-free: Let them know their data is safe.
• Transparent: Tell them what you collect and how you will use it.
• Opt-out clause – again, easy to find.

Retention and Privacy
• Retention and disposition started as
facilities management
• Then came to deal with corporate
malfeasance
• Then we tried Big Bucket Theory™
• In the age of privacy, retention needs
to be more granular
• Data minimization should be the
default

Every single field
except City is
required.
What are they
planning on
mailing to me?

Retention Based on Purpose
• What is the retention period for personal information?
• It depends….

Building Customer Trust – A Checklist
• What personal data are you collecting?
• Do you need to collect all of that?
• Why are you collecting it?
• Who are you sharing it with?
• Who are they sharing it with?
• What (else) are you using it for?
• How do you protect it?
• How long do you keep it?
• Would you trust the way you handle
your data?

About the Speaker
• Jesse Wilkins, CIPP/US, CIPM, IGP,
CRM/CIGO, edp, ICE-CCP
• President and Principal Consultant,
Athro Consulting
• More than 25 years experience in
information management
• Internationally-known speaker, trainer,
and writer
• AIIM Fellow #223
• IG Hall of Honor #5

For More
Information
Jesse Wilkins, CIPP/US, CIPM, IGP, CRM-CIGO, edp, ICE-CCP
Principal Consultant, Athro Consulting
https://www.athroconsulting.com
jesse.wilkins@athroconsulting.com
Twitter: @jessewilkins
LinkedIn:
https://www.linkedin.com/in/jessewilkins

On-demand recording link:https://info.trustarc.com/WB-2019-06-19-GDPR-Compliance-Convince-Customers-Partners-Board.html?utm_source=slideshare Many companies have invested significant time and resources trying to design and implement GDPR compliance programs. Internally, they may have generated hundreds or thousands of pages of project plans, policies, processes and reports – including records of processing, DPIA reports and much more. But how can you demonstrate to internal stakeholders, clients and partners that you have a comprehensive program and that your processes and products are GDPR-compliant? This webinar will provide these key takeaways: -The current state of an official GDPR certification and codes of conduct -Case studies of how companies are demonstrating compliance -The benefits of an external third party GDPR validation

Building an effective Information Security Roadmap

Elliott Franklin

As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy in for multiple enterprise wide security projects.

How to Build a Privacy Program

Daniel Ayala

Privacy is a topic that inevitably emerges whenever people speak about technology or business. What is it, really? How can you build a program to support it and balance it within our businesses? This session will cover the basics of a privacy program for organisations, some of the more applicable regulations on privacy, how to find the right balance and how to begin to implement your program. We will also discuss how to position your privacy program as a business enabler, establish some lightweight internal governance processes as well as customer and employee communications and awareness, too. Bring your questions and cases to review and analyse.

Evolution of Records Management in Law Firms

Jim Merrifield, IGP, CIP

Records Managers within Law Firms have a tough job, providing and enforcing policies, building out defensible procedures and overseeing an information lifecycle program. Over the years process has changed, regulations have been tightened and expectations have heightened. In this presentation, understand how Information Governance (IG) is playing a major role in the evolution of Records Management within Law Firms. Information Governance is a term being thrown around and many (or at least those brave enough to admit it) are unsure of what it really means. IG relies on automation, systems, tools and compliance to succeed. With records managers focus on risk avoidance, join us to better understand the new expectations of records managers to protect your firm as well as steps to implementing an IG Program.

Ethics in Data Management.pptx

Ravindra Babu

Privacy and Big Data Overload!

SparkPost

Due to the evolution of personalized, data-driven digital marketing, companies now have infinite amounts of personally identifiable information (PII) about their customers; and this stockpile of information continues to grow—at an exponential rate. In fact, according to the Pew Research Center, the volume of business data worldwide—across all industries—doubles every 1.2 years. But how should you use this treasure trove of data? And at what point does the information known about your consumers—and the ways you use this information—risk consumer privacy? Is there such thing as too much data? Attend this webinar to learn: • What your responsibilities are in today’s ‘big data universe’ • How to use your data and meet compliance laws • Tips for integrating data across channels and platforms • How to implement the principles of ‘Privacy by Design’

Ethical Issues in CRM Practice- Organisational response

seniorshelf.com

How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...

Aggregage

CCPA is in full effect and - as of July 1, 2020 - is being fully enforced. The “wait and see” game is officially over and organizations must be fully compliant in order to avoid regulatory fines and negative publicity. There are many requirements set forth by the CCPA, and building a strong compliance plan can be daunting. Not only does the compliance plan need to be set-up for future growth and changes, but it also needs the flexibility to produce on-demand, customized reports to provide to stakeholders. TrustArc has helped organizations of all sizes and maturity with CCPA compliance from simple assessments to full automation. Investing time upfront to perform the proper analysis and planning is key to feeling confident that your CCPA compliance program will efficiently and effectively mitigate risk while meeting business objectives. Join this webinar to see how TrustArc CCPA solutions help organizations of all sizes and maturity achieve and maintain compliance. This webinar will review: -Stages of CCPA program maturity -TrustArc CCPA solutions for every stage of compliance

2016 ISACA NACACS - Audit Privacy Considerations

Nathan Anderson

Internet security and privacy issues

JagdeepSingh394

Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]

TrustArc

Watch the webinar on-demand: https://info.trustarc.com/building-pia-dpia-program-webinar.html DPIA/PIA guidance, tips for success and case studies from the field. The GDPR mandates Privacy by Design and requires documented Data Protection Impact Assessments (DPIAs) for high risk processing. How can you build this into a sustainable program across your business? Having a good understanding of what DPIA/PIAs are and how to implement them can be the key to embedding privacy in the heart of your organization as well as achieving GDPR compliance. Watch this webinar on-demand to: - Hear PIA best practices - Review GDPR compliance requirements - Receive a range of tips and tools to help streamline and embed the process - Hear how Volvo Financial Services has approached assessments across their organization To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/

Global Data Privacy Regulation

Jatin Kochhar

Enabling an Analytics-Driven Organization

First San Francisco Partners

Most of the attention around Analytics goes to the results of the Analytics activity - a better customer profile, a new target market, more efficient product design. What about the process and infrastructure that is needed to get the data to the point in which it is useful to the Analytics community? This presentation addresses the less glamorous, but critically important side of Analytics: the people, process and technology infrastructure that enable an analytics-driven organization. The presentation will cover these questions: • How do you align your information assets to your Analytics goals? What data do you need and where do you find it? • What are the organizational constructs that need to be considered to integrate Data Governance and Analytics? • What organizational change can be anticipated and how should it be addressed? • How do you design your data management and data governance programs to support Analytics? How is this different than an operational use case? This slide deck is drawn from a tutorial presented jointly with Samra Sulaiman of ConsultData at Enterprise Dataversity 2015.

The Privacy and Security Behaviors of Smartphone, at USEC 2014

Jason Hong

Talk presented at USEC 2014. Smartphone app developers have to make many privacy-related decisions about what data to collect about end-users, and how that data is used. We explore how app developers make decisions about privacy and security. Additionally, we examine whether any privacy and security behaviors are related to characteristics of the app development companies. We conduct a series of interviews with 13 app developers to obtain rich qualitative information about privacy and security decision-making. We use an online survey of 228 app developers to quantify behaviors and test our hypotheses about the relationship between privacy and security behaviors and company characteristics. We find that smaller companies are less likely to demonstrate positive privacy and security behaviors. Additionally, although third-party tools for ads and analytics are pervasive, developers aren’t aware of the data collected by these tools. We suggest tools and opportunities to reduce the barriers for app developers to implement privacy and security best practices.

Data at the Speed of Business with Data Mastering and Governance

DATAVERSITY

Do you ever wonder how data-driven organizations fuel analytics, improve customer experience, and accelerate business productivity? They are successful by governing and mastering data effectively so they can get trusted data to those who need it faster. Efficient data discovery, mastering and democratization is critical for swiftly linking accurate data with business consumers. When business teams can quickly and easily locate, interpret, trust, and apply data assets to support sound business judgment, it takes less time to see value. Join data mastering and data governance experts from Informatica—plus a real-world organization empowering trusted data for analytics—for a lively panel discussion. You’ll hear more about how a single cloud-native approach can help global businesses in any economy create more value—faster, more reliably, and with more confidence—by making data management and governance easier to implement.

Data Privacy: The Hidden Beast within Mergers & Acquisitions

TrustArc

Today, growing an organization through Mergers & Acquisitions (M&A) has become a popular business practice. This can lead to great success but it can also cause a potential liability to the acquirer if global data privacy laws and regulations are not considered during the acquisition. Businesses that adopt this strategy need to be aware of how to handle the data involved in the acquisitions. Between new and evolving data privacy laws, an increased focus on regulators, and increased liability on the acquirer, incorporating data privacy practices is necessary for the M&A transaction process.

Emerging Data Quality Trends for Governing and Analyzing Big Data

DATAVERSITY

Business initiatives across industries are applying more data than ever to drive analytics and AI in the quest for new competitive insights. As the volume and variety of data gathered by organizations continues to escalate, both on-premises and in the cloud, traditional methods of Data Quality are transforming to meet this Big Data challenge. This webinar looks at these emerging trends in Data Quality to address Data Governance, entity resolution at scale, AI and machine learning, and establishing Data Quality as a core tenet of data literacy.

Emerging Data Quality Trends for Governing and Analyzing Big Data

Precisely

Business initiatives across industries are applying more data than ever to drive analytics and AI in the quest for new competitive insights. As the volume and variety of data gathered by organizations continues to escalate, both on-premises and in the cloud, traditional methods of data quality are transforming to meet this Big Data challenge. View this Dataversity-sponsored webinar on-demand as we look at these emerging trends in data quality to address data governance, entity resolution at scale, AI and machine learning, and establishing data quality as a core tenet of data literacy.

Data protection: Steps Organisations can take to ensure compliance

EquiGov Institute

#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers

One North

One North’s Managing Director of Technology Ryan Horner and legal process and technology consultant Bob Beach share details on how the EU’s General Data Protection Regulation (GDPR) could impact digital assets. This webinar is designed to educate digital marketers, share actionable examples, and provide an overview of how One North can help clients ensure their digital properties are in compliance with the regulation and execute on those efforts. Beyond GDPR compliance, the session will also highlight important information for marketers as data privacy continues to become a critical and strategic component of digital. Access the recording: https://youtu.be/ruQpN70LGt0

5 Ways to Build Employee Trust for Less Turnover and Fewer Incidents

Case IQ

Over the past few months, we’ve seen employees quit in record numbers. While there are many reasons for “The Great Resignation”, a standout is employee trust. A study from Gallup suggests that only one in three employees strongly agree that they trust the leadership of their organization. Employees want to trust the companies they work at and the people they work with. They want to feel comfortable coming to HR with their complaints and concerns. But building trust takes time, and effort. As organizations are planning their post-pandemic strategies, now is a perfect time to place an intentional emphasis on building trust.

Change Your Search to Find – SharePoint and Office 365 Webinar

Concept Searching, Inc

Enterprise search, once a hot topic, now faces new challenges with the adoption of hybrid and cloud environments. In SharePoint and Office 365, search isn’t equal, and before jumping on the Office 365 band wagon, organizations need to know as much as they can about potential challenges and pitfalls. Even in a SharePoint stand-alone environment, the consumption of content is forcing a renewed look at security, information lifecycle management, and non-compliance. Join us on Tuesday, October 28th, at 11:30am – 12:30pm EDT for this webinar packed with information on how to address search issues in SharePoint stand-alone, Office 365 hybrid, or cloud-only environments. If you’re not sure how you would answer any of the below questions below, then this webinar is for you:. • Does an enterprise search engine that provides the same transparency both on-premise and in the cloud matter to you? Does it matter to your users? • With the huge push for Office 365, is enterprise search getting lost? • Will the announcement of Delve push you over the edge in adopting Office 365? Why? • What about managing content in the cloud? Do you have any reservations about security,or records, and what your users are doing in the cloud? (Bet you’ll be surprised.) • What about migration? What goes where? • How will you know what’s on your users’ OneDrives? Is DLP enough? • Is your SharePoint search good enough? Have you calculated the ROI you can gain by improving it? • How are you going to manage the ever increasing consumption of organizational content?

Lendsum

Smartfolios

How to Build and Implement your Company's Information Security Program

Financial Poise

Data is one of your business’s most valuable assets and requires protection like any other asset. How can you protect your data from unauthorized access or inadvertent disclosure? An information security program is designed to protect the confidentiality, integrity, and availability of your company’s data and information technology assets. Federal, state, or international law may also require your business to have an information security program in place. This webinar will provide the basics of how to create and implement an information security program, beginning with identifying your incident response team, putting applicable insurance policies into place, and closing any gaps in the security of your data. To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/how-to-build-and-implement-your-companys-information-security-program-2021/

Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm

Ethisphere

20240409 ARMA NE Ohio Building a RIM Program with a RIM Playbook.pptx

20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx

Recommended

Recommended

More Related Content

Similar to 20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx

Similar to 20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx (20)

More from Jesse Wilkins

More from Jesse Wilkins (20)

Recently uploaded

Recently uploaded (20)

20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx