What is the best way to enforce data privacy without impeding future innovation?
Sort by:
Vest everyone in the process and outcome - even if they are not privacy literate.
Tell everyone and often: "We are not the Department of 'No.' We do not want to impede innovation or experimentation; we too want this company to succeed. We do not however want to see this company get any adverse regulatory or otherwise negative publicity due to a failure of controls or oversight."
The sooner privacy is embedded in projects, the easier it is to comply. So, first you should adopt the "Privacy by Design" principle.
Then, privacy regulations are not YES/NO type, they are risk-based. So, building a prepare risk assessment methodology may help balance the innovation VS privacy rights/requirements.
Last, privacy team should never say no to projects, instead, they should talk with the business to develop option that maintain innovation while still being compliant (in accordance with your risk appetite).
Hint: use anonymization as much as possible, this gets you out of any privacy concerns.
Consider implementing a "Privacy Innovation Challenge" within your organization. Encourage employees to come up with innovative solutions to protect data privacy while fostering technological advancements. Offer incentives, such as recognition or rewards, for creative ideas that successfully strike the balance between privacy and innovation. This approach not only engages your team in actively thinking about privacy solutions but also taps into the collective intelligence of your workforce, potentially uncovering unique and effective strategies for data protection that might not have been considered otherwise.
Hi Olga <br>That was an interesting viewpoint. Can you share an example of an interesting aspect you may have come across previously unknown to you , post having conducted such a challenge with your staff?
There’s a common misconception that enforcing data privacy slows down innovation, but from my experience as a Tech and Privacy Executive, privacy is actually a business enabler rather than a blocker. Simply handing teams a list of privacy rules rarely works because marketing focuses on leads, product wants a seamless user experience, and sales aims to close deals, so privacy can often feel like an obstacle. Instead of saying "No, you can’t do that", I guide teams by showing them what they can do, like using anonymized data or adding user controls that actually boost engagement. Getting involved early, conducting thorough risk assessments, and balancing compliance with business goals are essential to making this approach effective. It’s also crucial to speak their language and frame privacy as a helpful tool rather than a hindrance.