dmi

Section 508

May 15th, 2015

5 Ways to Invest in Privacy in 2015

Public perception of Privacy and Security in the post-Snowden era has changed, leading to end users caring vastly more about the topic. Last year there were more breaches than ever before, ad tracking technology has grown and will keep growing, collecting more and more data, and awareness of government access to personal data has increased. Although it is still difficult to fully understand the long-term consequences of data collection at this level, the concerns are rising both from a user and a collector point of view. End users, whether they are employees or customers, are requesting a higher level of respect towards their privacy and putting forward more questions as to how and why their personal data is handled.

To manage this situation there is a large amount of choice available to businesses. However, choosing the best option can be overwhelming at times. In 2014, according to a survey made by Truste, 22% of businesses of at least 1,000 employees had budgets of 1 to 5 million to manage privacy and security concerns. Assuming that budgets will be similar or higher this year, what is the most effective use of the funds?

  1. Internal Training
    Most data breaches occur due to employee error caused by lack of appropriate training. The solution here may seem straightforward; improving security training amongst employees within the organization ranging from basic password guidelines to restricted access policies. However, businesses are facing the issue that employees do not always apply what is learned during training, even less so when carried out through an online platform.Our recommendation? Make sure you use a relatable storytelling approach specific to your audience as well as innovative and interactive workshop to involve your employees as an integral part of your privacy solution. This article contains examples of classic storytelling techniques.
  2. Educating Your End Users
    Customers do not always understand the need to collect certain type of data within an app, especially when it doesn’t seem to be related to the app’s main functionality. An example of this is the request of the user’s location within a book review app. The user may be reluctant to divulge this information as the link is unclear, until the user is informed that it will highlight the closest bookshop where they can pick up similar books to a positively reviewed one.There are many ways to educate users on data collection. Our recommendation lies around the clever and targeted use of wizards and notifications.
  3. Privacy Audits and Assessments of Your Data Usage
    It is never too late to assess how your company is handling data, both collected internally and through your apps.At an organizational level
    If privacy was not designed from the outset of building your business, your business can still be audited. An audit will usually try to understand how the data that your business is collecting flows between different geographical regions and divisions. When looking at the results of the audit, it will be clear where the pain points are and which actions should be taken. Should you undergo safe harbor certification? Should you update your privacy policy (or if you do not have one, what should your privacy policy state)?

    Looking at the big picture may feel overwhelming. Our recommendation would be to start by analyzing the data flow within each department separately.

    On the app’s frontend
    Is your app privacy-friendly? Are your “privacy” notifications (request of collection of location, access to contacts, etc.) invasive and disrupting the user journey? Did you integrate privacy from the outset of the app build?

    Via a strong UX/UI review combined with an audit of data collection, you could improve your users’ experience in a straightforward manner. We recommend being transparent about data usage without being invasive to help increase user engagement and retention.

  4. Privacy and Security Policies Revision
    It is time to rethink your privacy policies. In our hyperconnected world where speed and change are of the essence, your privacy policy may rapidly become out of date.At an organizational level
    Our recommendation would be to designate a member of your team and place them in charge of verifying if the privacy policy needs updating on an annual basis. Long gone are the days when privacy policies were written once to tick a box on the list. They are now a tool empowering you to understand your business better.

    On the app’s frontend
    It is commonly accepted that nobody (besides a few privacy lawyers) read privacy policies. If you would like your user to read it, our recommendation is to make it as visual and interactive as possible.

  5. Governance and Risk
    Establishing whether your privacy and security initiatives are proportionate to the risks that your business is facing can be very tricky. Business-minded people will always be more inclined to take a more risky approach for the sake of business innovation. And this is fine.Our recommendation? There is no need to overdo it. However, limiting your approach to following the legal requirements is perhaps an approach that is too narrow. You should identify the type of information that is to be safeguarded: employee, business customer, users, non-personal business confidential, IP, etc., and identify how sensitive each type of data is. Implement preventive actions that are correlated to the level of sensitivity. Think ahead of how you would you react if there was a breach of your sensitive data and put an emergency strategy in place, empowering one member of your team with ensuring this strategy is carried out if needed.

All of the above may seem straightforward enough. However, innovation lies in how these tasks are implemented. Looking to innovate? Check out DMI’s Privacy offering.

Agathe Caffier, Senior Counsel, International Operations & Privacy Specialist

Tags: Mobility Strategy privacy security

Connect with us

Job Openings

Want to be part of our growing team?

View More
Work with us

Learn how DMI can help you grow, or launch your business.

Get In Touch
Offices

See all of our locations around the world

View Locations