Privacy by Design and Default

Travis Good
August 20, 2020
In today’s landscape, privacy and security cannot be considered optional - Privacy International, 2020

Protecting the data and privacy of your users has never been more critical. In light of the many recent large-scale breaches, high-profile privacy legislation, and growing concerns regarding privacy across the globe, bolting on privacy and security after the fact is no longer viable. The burden of privacy weighs heavily not only on companies in highly regulated industries but on businesses of any size that work with user data.

Privacy By Default

GDPR introduced organizations to the concept of data protection by design and default in Article 25. While the GDPR Article itself is generic, the idea is one that should be made part of any corporate privacy program in 2020. The concept of privacy by default is generally accepted to mean that privacy and security should extend into every aspect of a business, from technology and IT teams to marketing and sales teams to hiring and training to executive-level board reporting. Privacy should touch everyone in an organization, regardless of the functional group or role. It should be a part of the company culture.

The challenge here is that building a culture of privacy is an ongoing effort, one that changes with each new law, regulation, and update. Like all things culture, it requires repetition, ideally in different formats and in a spaced, continual manner, to be consistently top of mind for your workforce.

Unfortunately, there are no tools or platforms that assist in building privacy by design and default. Effective privacy practices center on your people, starting with hiring and onboarding. Most companies can get this far, but few continue to promote privacy and educate their employees throughout their tenure. All too often, privacy and security training is delivered at onboarding and then on an annual cadence. This cadence is not frequent enough to promote privacy to the level of other cultural values, such as "the customer comes first" or "radical transparency". These cultural values are present in group chats, company all-hands meetings, and board decks. Privacy often is not.

A large part of the challenge is that privacy is difficult to promote. It is not well understood, and there are often few examples of employees who exemplify privacy. It is much easier to call out a salesperson for closing a major deal than an engineer for practicing great privacy.

Training is one of the few methods that can continually promote privacy. Practical privacy training engages employees on a broad spectrum of privacy topics and provides scenarios for employees to learn from. These scenarios give employees a safe situation in which they need to make decisions about privacy. This creates an internal dialogue about privacy.

Checking the box on privacy and security training speaks volumes to your employees. Baking privacy into the culture of your company takes more than just checking the box, more than just annual training. It takes action by providing tools and content that instill confidence in employees that they can help maintain privacy for your customers and users.

To learn more about how Haekka can help you promote privacy across your entire company, and make privacy by design and default a part of your culture, send us an email or subscribe to updates on our product launch.