The Call for Legal and Compliance to Minimize Data Privacy Risk

Peter, a new sales associate at a food and beverage company, copied part of the client database onto his personal device so he could work while on the road. His USB is not encrypted and unknowingly, he exposed the company to a higher risk of a serious data breach.

Employees are the biggest source of privacy risk. In fact, 59% of privacy incidents originate with an organization’s own employees. Worse still — 45% of employee-driven privacy failures come from intentional behavior (though it may not be malicious).

Often, business leaders take a reactive approach, or don’t consider this risk to be a problem until it’s too late. This approach does not serve them well, as privacy and data protection becomes more complex as organizations move more applications to cloud providers, adopt postmodern enterprise resource planning (ERP) strategies and start platform businesses.

Read more: Digitalization Ups Demands on Data Privacy Executives

Who owns privacy management?

Gartner research predicts that by 2021, more than 60% of large organizations will have a privacy management program fully integrated into the business, up from 10% in 2017. For many organizations, the responsibility for privacy is either unclear or misguided, or both. The answer: Leaders from across the organization have a role to play in translating requirements and prioritizing risk mitigation action.

Similar to how executives approached data security 10 years ago, privacy management is often addressed after the fact and not embedded into the application life cycle. Legal and compliance leaders must ensure that all departments across the business use data correctly.

“Champion a change in mindset from compliance, certification and the avoidance of fines, to the responsible and ethical use of an individual's data,” says Bart Willemsen, VP Analyst, Gartner. “This will result in increased trust in your applications, systems and your organization as a whole, while delivering positive-sum outcomes.”

Learn more: Upholding privacy by design

What legal and compliance leaders should do

As legal and compliance leaders responsible for data strategy and governance, you can minimize risk and maximize trust by doing four things:

1. Create a culture of consistent, responsible data use with senior leaders across all areas of your organization by following the seven principles of privacy by design.
2. Work with privacy professionals to build a base level of privacy knowledge and monitor the effectiveness of training.
3. Work with application leaders to review your application portfolio and retain strategic application vendors that share your approach to responsible data use.
4. Work with application leaders to use alpha and beta testers and focus groups (preferably composed of customers, partners and employees) in the development of new application functionality and in reviewing existing application functionality.