In my last post, I argued that there's a good chance the US may enact legislation similar to the EU's General Data Protection Regulation (GDPR). Like everyone else, though, I just don't know what's coming down the pike. (Case in point: On June 29, 2018, California passed a sweeping privacy law.)
My inability to accurately predict the future does not mean that enterprises need to sit idly by for Congress or state legislatures to pass new laws. On the contrary, all organizations can and probably should take steps today to position themselves as progressive, even (and especially) in an uncertain environment.
Here are four things to do.
Revise and simplify your privacy policy
Think that all privacy policies need to be inscrutable and rife with legalese? Think again.
As Pinterest shows, it's possible to create a clear, easy-to-navigate, and even cheeky document that describes how an organization handles user data.
Note the user-friendly design of the privacy policy. Pinterest eschews 10-point fonts and other design elements that effectively discourage people from reading it. The result: Not only is it easy for laypersons to read – it's also easy to actually understand it.
Remind employees of the importance of securing customer and user data
Leaks to the press have been taking place for centuries, but they are arguably more pernicious than ever. A key piece of information in the wrong hands could sabotage an organization's product launch – and don't think that this fact is lost on CEOs.
From a recent Bloomberg piece:
Apple Inc. warned employees to stop leaking internal information on future plans and raised the specter of potential legal action and criminal charges, one of the most-aggressive moves by the world’s largest technology company to control information about its activities.
Sure, Apple's move relates more to employees who are talking to the press. Although the tone of the memo is ominous, its message is spot on: Privacy is more essential than ever. Why not remind your employees of the perils and consequences of disclosing customer or user information?
Cop to hacks sooner rather than later
In the past few years, Uber has found itself in the middle of plenty of hornets' nests. Consider how the company (mis)handled its 2016 hack. Rather than admit it, then-CEO Travis Kalanick attempted to cover it up. He was successful – until he wasn't. That's one reason he no longer occupies the company's corner office. If he had been more forthright about what happened, perhaps he'd still be running Uber.
Consider applying data governance to new technologies and data sources
To be sure, many organizations have developed policies surrounding enterprise systems and even data warehouses. But what about nascent tools such as data lakes? Given how much potentially valuable information is in them, it's something worth considering.
Simon says: Prepare now for the inevitable
I don't know what's going to happen in Washington tomorrow, let alone next year. I strongly suspect, however, that the laissez faire approach to data and privacy is coming to an end. Something will eventually happen. Organizations would do well to get on board sooner rather than later.
Feedback
What say you?
Read the results of our 2018 GDPR survey, and find out how SAS can help protect personal data