Is Your Company a Player or Pretender?
A former boss of mine had a habit of periodically and unexpectedly making provocative statements followed by the question, “What do you think?” It was his way of generating a frank dialogue on a topic void of political correctness and corporate courtesies, and it worked.
In that same spirit, this post is intended to be provocative as you think about how the leadership of your company really views privacy. In discussing privacy with many different companies over the past several years, I have found at least two distinct types: the players and the pretenders.
Players:
- truly recognize the value of privacy to the business;
- support privacy above and beyond compliance obligations and fears of enforcement;
- fund, as opposed to starve, their privacy functions and continuously seek to improve.
For example, a start-up company with the ability to legally exploit the personal information it has for business gain resisted the temptation, held true to its “put people first” core value and did not risk compromising customer trust and loyalty.
Pretenders:
- try to create the persona of being a player;
- say all the right things internally and externally, but their actions do not support the rhetoric, sometimes not even remotely;
- think everyone will only focus on their words and not their actions.
At a large organization, the general counsel opened a meeting with a convincing monologue about how the company is committed to privacy and “doing the right thing.” We then began discussing the Mass 201 requirements and where the company needed to make numerous fundamental improvements. After admitting the shortfalls, he focused on the relative lack of enforcement and uncertainty about the level of fines, and then and there, he decided the organization would do nothing on meeting the basic requirements until there was active enforcement.
As privacy professionals, we help players win and can help pretenders to be players—or at least stop pretending.
So, what do you think?
About the Author
Chris Zoladz, CIPP/US, CIPP/E, CIPP/IT, CIPP/G, CISSP, CISA, CPA, is the founder of Navigate LLC, a consulting company focused on providing comprehensive strategic and tactical information protection and privacy consulting services. Prior to founding Navigate, Zoladz was the vice president of information protection and privacy at Marriott International, Inc., a function he created in 1999. He also served as chair of the Information Security & Privacy Governance Committee and was a member of the eBusiness Council. Zoladz joined Marriott from Ernst & Young, where he last served as the mid-Atlantic area office director of IT audit and security services. He also served on the Ernst & Young IT Assurance & Advisory Services Practice Management Committee.
A past-chairman, treasurer and founding board member of the IAPP, Zoladz was the recipient of the 2006 IAPP Vanguard Award as the chief privacy officer of the year. He was also named one of the top privacy advisors by Computerworld in 2010, the last year the list was published. Zoladz is also a past member of the U.S. Chamber of Commerce Telecommunications and eCommerce Committee and speaks frequently on privacy matters.