Menu
Menu
3 key areas for your privacy practices in the year ahead: Forrester

3 key areas for your privacy practices in the year ahead: Forrester

Looking back at publicly reported breach events and data privacy violations of the previous 12 months, there are many trends that security professionals can learn from, writes Heidi Shey of Forrester.

One customer's terrific, personalised experience may feel deeply creepy to another. Individual interpretations of privacy matter.

The intersection of privacy and customer experience reminds us of the importance of collecting and managing consent, whether that involves collecting data to personalise an experience or marketing or another initiative we aim to pursue.

We saw notable examples including those from Verizon Wireless and InMobi where the breaches converged on issues of consumer privacy and consent. In both cases, firms used tracking information to deliver targeted ads.

What can brands learn from the many data breaches that made headlines in 2016? Here are Forrester’s top three lessons learned:

Develop core capabilities for privacy oversight and accountability

Designating an individual in compliance or legal to decide what you can do with customer data based on regulatory requirements is insufficient. Instead, your firm will need to develop a set of capabilities to create, enforce and assess policies and practices and thus manage consumer data privacy cohesively. This not only helps with efforts to meet compliance requirements, but also helps you build internal standards for privacy and data usage that align with corporate culture and values to balance data use innovation and risk.

Adopt contextual privacy practices to deliver desired customer experiences

One customer's terrific, personalised experience may feel deeply creepy to another. Individual interpretations of privacy matter. The new privacy is all about context. This means that your firm must allow customers to dynamically negotiate the collection and use of their personal data. As your firm designs its desired customer experiences, you must practice a "no surprises" doctrine (be transparent) regarding data collection and use, give consumers meaningful opt-in and consent options, and treat more data types as personally identifiable.

As your firm designs its desired customer experiences, you must practice a 'no surprises' doctrine (be transparent) regarding data collection and use

Heidi Shey, Forrester

Align functions and procedures to follow through with privacy policies.

Your firm's privacy policy is useless — and a liability — if you lack enforcement mechanisms. InMobi tracked consumers' locations regardless of whether they gave consent to use their data and ignored those who opted out and used their data anyway. You must document internally how your firm achieves what your privacy policy promises, and ensure that security and operations pros responsible for implementing controls understand your data use and handling policies.

What will we see in 2017?

Read more: Ways to recruit - and retain - top digital talent

The new year has gotten off to a quick start: the Obama administration relaxed National Security Agency (NSA) data sharing rules, the EU released its proposal for ePrivacy regulation, Australia’s Federal Court issued a landmark ruling on what is considered “personal information,” South Korea submitted its intent to join the APEC Cross-Border Privacy Rules system, Family Tree Now and Meitu raised privacy fears among consumers, a new CIA director was sworn in despite concerns from privacy advocates, President Trump signed an executive order stripping privacy rights from non-US citizens (and might invalidate Privacy Shield as a result). The year is still young.

With your business priorities and this changing landscape in mind, what are your top privacy concerns going into 2017?

Heidi Shey is a senior analyst at Forrester.

Send news tips and comments to divina_paredes@idg.co.nz

Read more: Kiwis comfortable with mining social media to identify terrorist activity, but not for marketing: Unisys

Follow CIO New Zealand on Twitter:@cio_nz

Sign up for CIO newsletters for regular updates on CIO news, views and events.

Join us on Facebook.


Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Error: Please check your email address.

Tags ethicsmarketingcybersecurityDXInMobiethics of big databig datacxprivacyHeidi SheyVerizon WirelessCustomer Experiencedata breachCIO and CMOForrester Research

More about APECEUFacebookInMobiNational Security AgencyNSATwitterVerizonVerizon Wireless

Show Comments