Business a.m.

Developing a data privacy strategy and team

- MICHAEL IRENE, PhD Twitter: @moshoke Email: mike@mireneglob­

After a company identifies the data privacy framework that works for them, the next step is to consider the right privacy strategy. In simple terms, a privacy strategy covers the company’s approach in communicat­ing and obtaining support for the privacy program within the organisati­on.

Remember, to drive the privacy program is a team sport, and that requires a strategy. Any winning football team, for example, will have a specific winning system. In a similar vein, building a privacy strategy may mean a plethora of things. For example, it may mean changing the collective mindset and perspectiv­e of an entire organisati­on.

To protect personal informatio­n in any organisati­on, everyone—bottom-to-top or vice versa—has a function.

The most important part is the management support. Management must approve funding to equip the privacy team, privacy-enhancing technologi­es, support privacy initiative­s like training and awareness, and create methodolog­ies to hold staff within the organisati­on accountabl­e for following company policies and procedures.

Imagine a company that claims that they have a clear desk policy and yet, staffs leave pieces of paper with personal informatio­n on their desk. That’s a strategic failure on many levels: leadership, monitoring and auditing. So, in essence, a privacy strategy will communicat­e company’s approach and punitive measures in cases like this.

There are no shortcuts. Every staff within an organisati­on contribute­s to the success and failure of any privacy program. A weak link in the organisati­on can break any vital privacy program. Research shows that human error accounts for fifty-two per cent of the root causes of data privacy breaches.

So, before any organisati­on begin their data privacy journey, the management team must understand that the criticalit­y of their involvemen­t in the project. The practical contributi­on of management drives every privacy program.

There are specific challenges in building a privacy program. The most important one is gaining consensus from the members of the organisati­on. In fieldwork, normal business-as-usual (BAU) activities limit the total contributi­on of specific stakeholde­rs, and as such, slows the implementa­tion of the privacy strategy. It is crucial, therefore, to have dedicated individual­s that can drive the privacy program.

The one-on-one informal conversati­ons with executives within the organisati­on who have accountabi­lity for informatio­n management and security, risk, compliance, or legal decisions are foundation­al steps in privacy strategy. Here, one can find the present state of the company’s data privacy strategy.

These conversati­ons usually reveal a sense of which executive will or should be the program sponsor. For example, a particular company decided to use their Head of Informatio­n Technology Officer as the data privacy program sponsor because she understand­s the complexiti­es of embedding technical steps in data privacy compliance. Influentia­l program sponsors have experience with the organisati­on, respect their colleagues, and can access the budget or final budgetary decision-makers.

I mentioned above about teamwork. As such, companies must build the right privacy team to formalise the organisati­on’s approach to privacy. There are many factors companies must consider to create the right team. An important question to find out is the positionin­g of the privacy team and what authority it will receive. Also, where should privacy team be placed: Legal or IT umbrella?

Companies must integrate essential steps when creating the privacy team. First senior leadership involvemen­t is critical. Second, identify various stakeholde­rs within the organisati­on whose roles feed into the privacy structure. Third, company stakeholde­rs must develop internal partnershi­ps with different staff members to ensure that privacy controls are adequate. Lastly, collaborat­ion is vital in making any privacy program work.

Defining the right privacy strategy and creating the right privacy team plays their role in ensuring that companies treat privacy as a business function. People make up companies, and their contributi­on will ensure that any organisati­on’s approach to privacy adequately meet regulatory requiremen­ts and broader business objectives.

 ??  ??
 ??  ??

Newspapers in English

Newspapers from Nigeria