Data Privacy Week should be a time when IT and business leaders discuss how to support the inclusion of privacy engineering in their products, services, and solutions, says the chief data and trust officer at one of Canada’s biggest telecommunications providers.
“Today, corporations and governments are faced with a real challenge: Earning the trust of customers against a backdrop of so many examples of privacy being an afterthought rather than the priority it should be,” said Pamela Snively of Telus.
“Building products and services without rigorous consideration for the privacy implications simply isn’t sustainable. We do still see it, but it’s not sustainable for individual organizations or the digital ecosystem as a whole.
“We need to build for privacy and trust as much as we build for user-friendliness and marketability. If we’re not doing that we’re not getting it right.”
“We need Canadians to trust the digital ecosystem and we need that trust to be warranted. I think organizations need to work to reassure the public that innovation — which may have the potential to improve the quality of life for millions of people — can be realized without compromising privacy.”
Snively is a policy board member of the Information Accountability Foundation on information governance, and a member of the privacy and data advisory committee of the Canadian Marketing Association. She is also a founding member of Canada’s Business Privacy Group.
Privacy is about ensuring data protections are in place and working closely with the security team, she said. “But privacy is also about ensuring that we respect all of the rights associated with privacy — data [collection and retention] minimization principles, access controls, ensuring we have data available to individuals who ask to see their personal information, ensuring we are using and share it [personally identifiable information] according to their reasonable expectations and the applicable laws. So it goes beyond purely securing it from bad actors.”
Being more transparent about how much personal data is collected and how it is used is a significant challenge, Snively acknowledged. “If we were to describe absolutely everything to everyone, we’d overwhelm them,” she said. Organizations should look for opportunities to “call out” the things they feel are most important to consumers and employees.
Complaints about lengthy privacy policies can be dealt with through what she called layered statements. “Provide broad statements for those who want to understand [policies] at a glance and more detailed info for those who want to dig a little deeper.”
Privacy pros tell her transparency is one of their biggest problems. Ensuring the organization is investing in the right skill sets is another. A third is building privacy into products and services, and another is ensuring the organization and its employees value the customer and customer trust. Those who don’t, she said, “have an uphill battle.”
As for who is responsible for setting the tone on data privacy, “it starts at the top,” Snively said. “I think boards need to set a tone that this matters to the organization. CEOs need very much to do the same thing, but it needs to go right through the organization. When we look at organizations that are doing this well, we see ones that consider the type of culture they’re building.
“Organizations that are getting this right ensure that all employees understand and respect data appropriately and thereby are helping to protect it.”