When one browses the list of the Fortune 1000 companies, more and more innovative tech companies are joining the ranks, including big names like Amazon.com, Apple and Google. These companies are associated with the Internet, connectivity and “big data.” As a result, many consumers have high expectations for how these companies manage their personal data, and the companies themselves generally have large internal privacy departments. This is a good thing.
When I read the names on the list, though, I can’t help but think that every company is now a tech company and that they should be held to the same standards of privacy and security. Whether it’s Walmart with millions of credit card numbers on file from in-store and online sales or General Electric with information about how individual homes use their appliances, almost every company is now in the data business and has a significant online component to its operations.
I’m heartened to see as part of the IAPP’s new Benchmarking Privacy Management and Investments of the Fortune 1000 report that spending is going up among companies on their privacy operations and equally pleased to see that privacy professionals are being well-compensated for their work. Having served as the chief privacy officer at a couple of the Fortune 1000 companies and having started the Privacy Office at the Department of Homeland Security, I know the challenges of integrating data privacy into the corporate value set, especially when leadership is understandably focused on the bottom line. I also know how difficult it can be to get business leaders throughout the organization to consider privacy when assessing risk.
In the wake of the Snowden revelations, though, and numerous high-profile data breaches, privacy and security are becoming increasingly valued by consumers. They are starting to become areas of differentiation for companies as well. Those that respect privacy and have strong security practices in place are the ones that consumers are increasingly turning to for a variety of services. We’ve witnessed new businesses jump into the fray with disruptive technologies that promise greater privacy and anonymity but sometimes overstating or misrepresenting that capability. Still, these start-ups, along with customer demand, are pushing big companies across industries to take note and adapt.
$2.4 million on average may sound significant, but for most of the companies on the list, that is a very, very small percentage of operating costs.
In my current role with the Center for Democracy & Technology, we are strongly advocating for greater user empowerment when it comes to privacy, along with an increased focus from companies on what they collect, whether data needs to be personally identifiable, how data is protected and how it is shared with third parties. With no major legislation action expected on the privacy front in the U.S. in the near future, companies are truly the ones that can make a difference in protecting our privacy. And yes, this is all companies, not just traditional tech companies.
Over the past few years, I’ve seen progress on corporate practices that really reflect thought about the obligation to be responsible for information that is collected and used. There is still more that could be done, and I am certain that the Fortune 1000 companies could commit greater funding to their privacy operations. $2.4 million on average may sound significant, but for most of the companies on the list, that is a very, very small percentage of operating costs. Hopefully, as the value proposition of privacy and security becomes clearer, budgets will rise.
Beyond increased budgets, privacy professionals need to be engaged with teams across the organization, not just IT, legal and compliance departments. They should participate in early stage product design processes, meet with the engineers and customer services representatives and take part in marketing and sales efforts. This is even more important as privacy professionals increasingly become data guardians. They combine ethics, strategy and a vision of the company’s relationship with the customer well into the future.
It’s a big role and getting bigger.
The privacy professionals of the IAPP are working to show that privacy and security matter. It is fantastic to see the field be recognized more and more each day, and my hope is that it will become an ingrained part of the leadership in companies across all industry sectors.
If you want to comment on this post, you need to login.