News Stream Books Videos Web Conferences Subscriptions Advertise About IAPP Publications
Daily Dashboard Daily Dashboard

The day’s top stories from around the world

 AI Governance Dashboard – New AI Governance Dashboard – New

Stay on top of the latest AI governance news and developments of the profession.

 The Privacy Advisor The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

 Privacy Perspectives Privacy Perspectives

Where the real conversations in privacy happen

 Privacy Tech Privacy Tech

Exploring the technology of privacy

 Canada Dashboard Digest Canada Dashboard Digest

A roundup of the top Canadian privacy news

 Europe Data Protection Digest Europe Data Protection Digest

A roundup of the top European data protection news

 Asia-Pacific Dashboard Digest Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

 Latin America Dashboard Digest Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

 U.S. Privacy Digest U.S. Privacy Digest

A roundup of US privacy news
Overview KnowledgeNet Chapters Sections Affinity Groups Volunteer Annual Awards Member Directory Career Central
Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

 IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

 IAPP Calendar

Review a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Overview Online Training Live Online Training In-Person Training Books Practice Exams Train Your Staff Official Training Partners Web Conferences
Artificial Intelligence Governance Professional Artificial Intelligence Governance Professional

Learn how to surround AI with policies and procedures that make the most of its potential by reducing its risks.

 European Data Protection (CIPP/E)

Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.

 U.S. Private-Sector Privacy (CIPP/US)

Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.

 Canadian Privacy (CIPP/C)

Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.

 Privacy Program Management (CIPM)

Develop the skills to design, build and operate a comprehensive data protection program.

Privacy in Technology (CIPT)

Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.

 Foundations of Privacy and Data Protection

Introductory training that builds organizations of professionals with working privacy knowledge.

 Privacy Law Specialist Training (PLS)

Meet the stringent requirements to earn this American Bar Association-certified designation.
Overview Certification Programs Get Certified How to Prepare Continuing Privacy Education (CPE) Fees Certify Your Staff Verify a Certification
CIPP Certification CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

 CIPM Certification CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

 CIPT Certification CIPT Certification

As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.

 FIP Designation FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

 Privacy Law Specialist Privacy Law Specialist

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

 AIGP Certification AIGP Certification

Ensures individuals responsible for AI systems can reduce the risks associated with this technology.

 Certificação CDPO/BR Certificação CDPO/BR

Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.

 Certification CDPO/FR Certification CDPO/FR

Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
Tools and Trackers Research Glossary Global Privacy Directory Enforcement Database Westin Research Center Web Conferences Jobs Privacy Vendor Marketplace
Global Privacy Directory

This tool identifies global data protection authorities and privacy legislation.
US State Privacy Legislation Tracker

The IAPP’s US State Privacy Legislation Tracker consists of proposed and enacted comprehensive state privacy bills from across the U.S.
Reports and Surveys

Access all reports and surveys published by the IAPP.
Privacy Governance Report

This report shines a light on the location, performance and significance of privacy governance within organizations.
Privacy Risk Study

This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.
Artificial Intelligence

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources covering AI connections to the privacy space.
CCPA and CPRA

IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.
EU General Data Protection Regulation

The IAPP's EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.
Data Protection Intensive: UK Data Protection Intensive: UK

Explore the full range of U.K. data protection issues, from global policy to daily operational details.

Global Privacy Summit Global Privacy Summit

Expand your network and expertise at the world’s top privacy event featuring A-list keynotes and high-profile experts.

AI Governance Global AI Governance Global

A new event in Brussels for business leaders, tech and privacy pros who work with AI to learn about practical AI governance, accountability, the EU AI Act and more.

 Canada Privacy Symposium Canada Privacy Symposium

Leaders from across the Canadian privacy field deliver insights, discuss trends, offer predictions and share best practices.

Asia Privacy Forum Asia Privacy Forum

Hear top experts discuss global privacy issues and regulations affecting business across Asia.

 Privacy. Security. Risk. (P.S.R.) Privacy. Security. Risk. (P.S.R.)

P.S.R. focuses on the intersection of privacy and technology. The call for proposals to speak at the 2024 event is open. Submit your ideas today.

 Europe Data Protection Congress Europe Data Protection Congress

Europe’s top experts offer pragmatic insights into the evolving landscape and share knowledge on best practices for your data protection operation.

 ANZ Summit ANZ Summit

Gain exclusive insights about how privacy affects business in Australia and Aotearoa New Zealand.

 Speak at an IAPP Event

View our open calls and submission instructions.

 Sponsor an Event

Increase visibility for your organization — check out sponsorship opportunities today.

Individual Membership Corporate Membership Group Membership Student Membership
Become a Member

Start taking advantage of the many IAPP member benefits today

 Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

 Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits
{[product.name]} {[ product.name ]}
clear
mode_editEdit
remove_circle_outline {[ getCartItemQuantity(product.id) ]} add_circle_outline
{[ product.price | currencyFilter ]}
TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

| Privacy by Design primer for marketing pros

rss_feed

By Jay Cline, CIPP

If you're in marketing and you want to show you're current on the latest trends involving personal data, slip this in at your next team meeting: "We need to have a point of view on Privacy by Design."

Privacy by design--or PbD for short--has gained more traction lately as the recommended solution for technology companies releasing new products. As marketing and technology increasingly overlap, however, the potential use of PbD in marketing departments is also growing.

Just ask Apple and Google. They recently came under congressional scrutiny for designing smartphone operating systems that didn't fully minimize the use and protection of location-based data. Critics claimed that inserting privacy requirements into the design phase of these systems could have prevented these privacy shortfalls, which created a media frenzy that drowned out their product-marketing campaigns.

This idea of incorporating the fair information principles (see box) into the design requirements for software applications, hardware components and user devices isn't new. Compliance and audit professionals have long preached the virtues of thinking about controls before launching new projects instead of as a more costly afterthought. 

About the Fair Information Principles

A 1973 advisory committee to the U.S. Department of Health and Human Services identified the following principles as core to ensuring personal privacy. These principles influenced the development of similar and expanded lists of principles in Canada, Europe, Latin America, Asia and now Africa.

  • Notice - inform individuals about how their data may be collected, retained, secured, used, and disclosed
  • Choice - provide individuals control over secondary uses of their information and minimize the collection, use, and retention of data for primary uses
  • Access - provide individuals a way to review and correct what data has been collected about them
  • Security - maintain the confidentiality and integrity of personal data
  • Enforcement - hold the organization collecting personal data accountable to these principles through internal and external oversight mechanisms

The difference with Privacy by Design is it has a high-profile champion--Ontario Privacy Commissioner Ann Cavoukian. Although a number of corporate privacy officers were practicing privacy by design before Cavoukian coined the term, she’s been the voice most responsible for formalizing the concept and advancing it with industry and fellow regulators. Cavoukian’s efforts have caught the attention of Forbes, which, in an article this summer, praised Intel, the Graduate Management Admissions Council and Location Labs as early adopters of the PbD approach.

Inside 1to1: PRIVACY caught up with David Hoffman, Intel’s director of security policy and global privacy officer. Hoffman explained that Intel has integrated privacy into its Secure Development Lifecycle (SDL) for product development, new data processing and marketing campaigns. This integration takes the form of assessment and reference documents as well as champions in each business unit who validate the completed assessments.

It’s easy to see how Privacy by Design can help technology companies, but what does Privacy by Design have to do with the marketing agenda?

As marketing campaigns increasingly leverage social media technologies and mobile devices, their chances of making highly visible privacy blunders have also escalated. If marketing departments wait for their IT or legal departments to fully brief them on the privacy aspects of their planned campaigns, they could end up explaining to their executive team why they have been called to appear before Congress.

How can marketing co-opt PbD? Follow these five steps.

1. Change the mindset

If your marketing team views privacy as an obstacle that legal exaggerates, think again. Privacy in the new media is a consumer expectation. Moreover, privacy laws are here because citizen-consumers demanded them.

What's a better mindset? Be curious about the privacy interests of your target audience. Start adding privacy-related questions to your research of target audiences. Tap into this data and use it to your advantage to generate higher engagement and retention. Lead with privacy instead of ducking from it.

2. Build a PIA into your BRD

How do you systematically design to the privacy interests of your target audience and offer them privacy as a service? Convert your target audiences' privacy interests into a "privacy impact assessment" (PIA). A good PIA is a decision-tree-based checklist of questions that asks you how your product or campaign is going to collect, store, use, disclose and destroy personal data. Using a well-crafted PIA based on audience-member research can help you weigh the campaign risks and trade-offs of sharing data with different systems and third parties.

3. Add a micro-notice to that micro-site

One-page micro-sites have become the crossroads of social media marketing campaigns. They're the landing pages for consumers who've clicked on a link, and they bring them one step closer to completing the call to action. For many campaigns, the micro-site is also the first step toward collecting or pre-populating personal data from the audience member. The micro-site becomes a privacy point of interest. If consumers have even the slightest hesitation about the information being asked of them, they could drop out of the process.

Prevent that drop-off by adding a short privacy notice or "micro-notice" to that landing page. Tell the consumer why you need the data you're asking for and that you won't share it with others for marketing purposes, and include a link to your full privacy notice.

4. Create privacy self-service

You've heard of software-as-a-service. Offer your audience members privacy as a service. This could include options such as just-in-time privacy notices; a personal profile and permission-management center, and live chat for privacy questions. Enable consumers to dial up and down the level of frequency for marketing communications instead of just having an all-or-nothing on-off switch. Offering privacy as a defined service level can help you avoid leaving money on the table from consumers who want to micromanage their privacy experience like they do on Facebook.

5. Test and refine

Measuring impact is a daily reality for marketing departments. Spend X dollars on a campaign to generate Y dollars in sales. Privacy's role in improving or worsening your marginal returns shouldn't be overlooked in this measurement process. Run "A/B" tests, where you take one privacy approach with audience segment A and another with audience segment B. Document your findings and lessons learned, and keep them available in a shared area so that your future campaigns can start a leg ahead.

Up until about a year ago, if you announced at a party that your job was data privacy, people would think you tinkered around with computers all day. All that has changed. High-profile privacy debacles have popularized what privacy, or the lack thereof, means to the average person. The question is, will your marketing campaigns take advantage of this development?

 

Jay Cline, CIPP, is president of Minnesota Privacy Consultants, the winner of the 2010 Privacy Innovation Award for Small Organizations.

 

 

Read more by Jay Cline:

Inching toward consensus: A roundup of U.S. privacy legislation
Broadening definitions of personal data portend greater scope of concern for privacy offices
GMAC: Navigating EU approval for advanced biometrics
IBM's Privacy Strategy: Trust Enables Innovation
Privacy and the Pharma Chain of Trust
Xcel Energy: Building privacy into the smart grid
Creating a privacy gameplan for your social media strategy
Privacy Consent Glossary
Opt In Or Opt Out For Global Direct Marketing?
Ubiquitous Identification Series: Will Other Countries Join the Canadian Debate Over the Privacy of Public Records?
Best Buy: Using Privacy Awareness to Build Customer Centricity

 

Comments

If you want to comment on this post, you need to login.

Related Stories
Related Stories
Recent Comments