4 Oft-Overlooked Ways to Tighten Up Your Privacy Program
April 23, 2018
With the GDPR taking effect on May 25, 2018, privacy and compliance are top of mind for organizations around the world. We’ve been posting quite a bit these past weeks about Microsoft’s approach to setting up data governance. Here is a complementary take from Gartner, which suggests four tactical ways to improve your overall privacy management program.
When it comes to privacy, organizations tend to face these challenges:
- Ownership: IT leaders often shoulder the burden for the program, but it should be a collaborative effort that touches every area of the business.
- Bolted-on solutions: Leaders often bring in third-party privacy tools after the fact, so privacy ends up bolted on as an afterthought rather than integrated with existing workflows.
- Employee privacy: Organizations can find it hard to enforce privacy controls internally. With so much focus on customer-facing privacy, it’s easy to overlook the risks in how employee data is handled.
- Communication: Organizations tend to update the privacy notices on their websites and apps before their people, processes, and internal controls are ready to honor them.
Here are the ways Gartner suggests you can tackle these challenges.
Assign business owners
In many organizations, IT becomes the default owner of data privacy because IT sources or builds the software that helps make privacy happen. But the key word there is help: software alone isn’t enough to ensure data privacy. You also need people and processes throughout the business to keep privacy top of mind at every step.
To address this, put accountability where it belongs by naming specific owners in your business units, particularly the teams that handle customer or employee data. IT then becomes a neutral guide to privacy rather than the sole party on the hook to make it happen.
Set privacy requirements for vendors
IT should put together a list of must-have privacy requirements for any internal software, third-party software, or vendor, whether new or already in use, so that business units have guidelines to follow when they select software or vendors. The list should cover security controls, privacy management practices, certifications, and audit rights, and, for vendors that process personal data on your behalf, the written data processing terms the GDPR requires.
Expand your scope to include employee data
Keeping data private is not just about customer data; it’s about keeping employee data safe, too, including all of your human resources data and more. Gartner has found that when employees are worried about privacy, their productivity can drop by as much as 50%.
As an example, look at how your organization logs employee actions. Do you log every action an employee takes on their devices? Have you told employees that you do this? How long do you keep that information, and does it linger in your systems long after an employee has left the company? These are the kinds of questions to think through and then communicate about.
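The retention and disclosure questions above lend themselves to an automated check over the logs you actually keep. The following is an added example, not code from the original post or from Gartner or Microsoft: the 90-day retention window, the 30-day post-departure grace period, the set of disclosed event categories, the record field names, and the sample log and HR records are all assumptions constructed for illustration. It flags records whose event category is not covered by the employee privacy notice, records past retention, a leaver's records past the grace period, and, as a separate security finding rather than a purge case, activity dated after an employee's last day, which indicates the account was not deprovisioned on time.

```python
from datetime import date

# Assumed retention policy (not from the page): activity logs are kept 90 days,
# and a leaver's remaining logs are purged 30 days after their last working day.
RETENTION_DAYS = 90
POST_DEPARTURE_DAYS = 30

# Assumed: the event categories the employee privacy notice actually discloses.
DISCLOSED_EVENTS = {"login", "file.open", "print"}

# Constructed sample data, not real logs: device activity records and an
# HR feed of departures (user -> last working day). Field names are assumed.
LOG_RECORDS = [
    {"id": 1, "user": "alice", "ts": date(2018, 4, 1), "event": "file.open"},
    {"id": 2, "user": "bob", "ts": date(2017, 12, 15), "event": "usb.mount"},
    {"id": 3, "user": "carol", "ts": date(2018, 4, 10), "event": "login"},
    {"id": 4, "user": "carol", "ts": date(2018, 2, 20), "event": "print"},
]
DEPARTURES = {"carol": date(2018, 3, 1)}

# Date the audit is run against the sample data (assumed).
REPORT_DATE = date(2018, 4, 23)


def audit_record(rec, today, departures, disclosed):
    """Return the list of findings for one log record (empty means keep as-is)."""
    findings = []
    # Did we tell employees we collect this kind of event?
    if rec["event"] not in disclosed:
        findings.append("undisclosed-category")
    # Has the record outlived the general retention window?
    if (today - rec["ts"]).days > RETENTION_DAYS:
        findings.append("expired")
    last_day = departures.get(rec["user"])
    if last_day is not None:
        # Activity dated after the last day means the account was still live
        # after offboarding; that is a security finding, not a purge case.
        if rec["ts"] > last_day:
            findings.append("activity-after-departure")
        # The leaver's logs are still here past the post-departure grace period.
        if (today - last_day).days > POST_DEPARTURE_DAYS:
            findings.append("departed")
    return findings


def audit(records, today, departures=DEPARTURES, disclosed=DISCLOSED_EVENTS):
    """Map each record id to its findings."""
    return {r["id"]: audit_record(r, today, departures, disclosed) for r in records}


def purge_ids(report):
    """Ids whose findings say the record should no longer be retained."""
    return sorted(i for i, f in report.items() if "expired" in f or "departed" in f)


if __name__ == "__main__":
    report = audit(LOG_RECORDS, REPORT_DATE)
    for rid, findings in report.items():
        print(rid, findings or "ok")
    print("purge:", purge_ids(report))
```

On the constructed data, record 2 is both outside the retention window and of a category the notice never mentioned, record 3 shows carol logging in more than a month after her last day, and records 3 and 4 are due for purge because her grace period has passed. The disclosure check is the part most often missing from real retention jobs: deleting data on time does not help if employees were never told it was collected.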
Know that you’re doing what you say
Get a better platform for data privacy
- Find and catalog the personal data in your systems
- Build a more secure environment
- Simplify how you manage and monitor personal data
- Get tools and resources to meet reporting and assessment requirements
Source: Gartner, “Include Four Key Components to Complete Your Privacy Management Program,” December 2017.