5 Takeaways from 2024’s Industry Events: A Privacy Pro’s Perspective
In September, the Osano privacy team was lucky enough to attend a...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: July 8, 2024
Here are two numbers that might make a privacy professional’s heart rate spike: 63 and 51.
These numbers come from a recent report by the Information Systems Audit and Control Association (ISACA), which focused on trends in privacy staffing and resourcing. Specifically, they refer to the percentage of surveyed privacy professionals who believe their program budget was underfunded (63%) and the percentage of respondents who believe their budget will further decrease over the next 12 months (51%).
Privacy professionals are already making do with what they have—and they believe they’ll have to make do with even less in the future.
But you don’t have to sit by and watch the resources you need to stay compliant and protect consumer rights slip away! By being proactive, you can increase the odds that your privacy program secures the buy-in it needs to be effective. These five tactics can help you tip the scales in your favor when it comes to securing buy-in for your privacy program.
Privacy is not just a compliance necessity; it's a business imperative. To secure buy-in, clearly articulate how data privacy aligns with your organization's broader goals and values. Emphasize that a robust data privacy program goes beyond regulation compliance—it builds trust, enhances operational efficiency, and ultimately protects the company from significant financial and reputational risks.
You can discuss how investing in privacy measures can enhance customer trust and satisfaction, leading to higher retention rates and loyalty. Moreover, research shows that businesses with poor data privacy practices can increase the odds of a data breach by as much as 80%—and when those breaches happen, poor data minimization and retention practices make them all the more severe.
Osano Head of Privacy Rachael Ormiston discusses how consumers factor data privacy into their buying decisions.
Avoiding negative outcomes is a form of business value, but data privacy can also be a positive contributor. One has only to look to organizations like Mozilla and Apple that have made data privacy a significant component of their brand; privacy-conscious consumers prefer these business’s products and services. More and more consumers are becoming aware of privacy issues every day. In fact, roughly half of all surveyed consumers have stopped buying from a company or using a service because of data privacy concerns.
Data privacy doesn’t exist in a vacuum. Any department that handles consumer personal data or any system that handles consumer data has some stake in data privacy. Rather than go directly to the CEO or CFO to make your case for a larger budget and more staff, cultivate champions across the business.
By working closely with security teams, marketing, sales, product development, and IT, you can build a robust support network that sees the value in data privacy. For instance:
Not only will this tactic help you gain allies when arguing for more resources, it’ll also make your privacy program more effective now. You’ll need privacy champions willing to implement privacy-by-design principles, fulfill privacy impact assessments, and call your attention to potential privacy issues if you want to achieve compliance.
CFOs and other decision-makers often rely on hard data when approving budget requests. Prepare a compelling, data-driven case that emphasizes the financial and operational impacts of investing (or failing to invest) in data privacy. We’ve already provided a few statistics that may be compelling—such as how poor data privacy practices increase the odds of a breach by as much as 80% or that half of all consumers have chosen to take their business elsewhere over privacy concerns.
However, the most compelling metrics will be specific to your own organization. Find out how often data privacy factors into potential deals, how high of a fine your organization could incur if found to be noncompliant with this law or that one, how many vendors manage personal information, and so on. If you track down data that helps quantify exactly how much more work needs to be done on the data privacy front, you’ll go far in making your case. (If you’ve gotten experts from other departments on your side in Step 2, it’ll be easier to source this data!)
Osano CFO Ryan Macia explains how to align data privacy and business goals.
When approaching stakeholders, particularly the CFO, come prepared with a well-thought-out recommendation. Show that you've done your homework by thoroughly understanding the financial implications, exploring various alternatives, and presenting a strategic, clear-cut plan.
It’s a cliche, but it’s true: Don’t bring problems, bring solutions. Detail how the proposed investment will specifically address current issues and support the long-term health of the business. For instance, if you’re recommending privacy tech tools, explain how these will replace or supplement manual processes and what initiatives you’ll be free to pursue as a result.
Prevention is better than cure—the adage is especially true for data privacy. Highlight the significant costs of potential data breaches or compliance failures and frame the investment in privacy as a preventive measure. Point out that while it may be tempting to cut corners now, the financial, legal, and reputational repercussions of data incidents make a compelling case for proactive investment.
If your organization is subject to the CCPA, for instance, diving into the enforcement actions against Sephora, DoorDash, and Tilting Point Media could be persuasive. Depending on which laws you’re subject to, you may benefit from describing how cure periods (i.e., opportunities to fix violations before being penalized) are expiring. These talking points can help convey that waiting to receive a notice of noncompliance before getting your house in order is a dangerous game.
Osano CFO Ryan Macia explains how many companies invest in data privacy and security after disaster strikes.
Stay informed!
Data privacy is constantly evolving—that means the pressures and risks your organization will face from a privacy perspective are constantly evolving too. A new law, a new enforcement action, or a new business initiative could make all the difference when it comes to securing buy-in for your data privacy program.
For more insights on data privacy and securing stakeholder support, consider subscribing to our newsletter. Or watch our recent webinar on Securing Buy-In: Making the Business Case for Data Privacy!
Want to hear more directly from the experts? Osano's Head of Privacy and CFO discuss winning tactics to secure buy-in for your data privacy program in this webinar.
Watch Now
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.