Roughly 60 percent of Americans don’t understand what companies do with their data. Sixty-three percent say they understand very little or nothing at all about privacy laws and regulations.
And unfortunately, some of your colleagues almost certainly fall into one of these camps. Even if they do feel like they have a firm understanding of data privacy regulations, that feeling may not translate into actual knowledge.
As a data privacy professional, part of your job is to communicate the basics of data privacy and explain the responsibilities that your coworkers have toward protecting consumer privacy. But given the nature of the challenge, it seems like privacy professionals have their work cut out for them.
In this blog, we’ll break down the major challenges that privacy professionals face when attempting to communicate privacy issues to their colleagues and offer actionable tips for overcoming these challenges.
Why does it matter whether or not your coworkers “get it”?
There isn’t a job that exists that’s made easier by being poorly understood. But it’s especially important for your coworkers to understand the basics of data privacy. Here’s why:
- You need to collaborate with your coworkers on data privacy tasks, like data subject access requests (DSARs), cookie compliance, privacy by design, privacy assessments, and more.
- Some of your colleagues will be the ones deciding your budget for compliance activities and hiring and will therefore need an accurate understanding of the risks involved and the effort required to mitigate them.
- If you want your colleagues to loop you in for vendor review, carry out an impact assessment when new data processing occurs, or conduct any other type of follow-through on privacy training, they’ll need to understand what data privacy is all about.
Why it’s so challenging to talk about privacy with your peers
Privacy can seem abstract
Privacy is often compared with cybersecurity, and although the two are both necessary investments for any modern business, there are significant differences. For one, the threat of cyberattacks is very tangible, and the steps one undertakes to mitigate that threat are equally tangible. Security experts can point to official reporting on the number of cyberattacks in a given year, the implementation of this technology or that process, and so on.
Privacy can feel a bit more abstract. For one, the main threat in the privacy space is fines for noncompliance—the actual damage caused by mishandling personal information is tough to quantify. Furthermore, privacy protection can feel like a frustrating obstacle to doing business, especially because the protection is mainly for others—not the business itself.
When you don’t understand why you need to do something, it’s harder to get around to actually doing it. That’s why privacy professionals need to make privacy a tangible reality for their colleagues. They can accomplish this by clarifying how the damage caused by mishandling personal information hurts customers, how that damage reflects back on the business through reputational damage and noncompliance penalties, how poor privacy practices make data breaches more likely and more severe, and how privacy practices translate into business outcomes.
Privacy is time-consuming
Most of your colleagues will have a neutral attitude toward data privacy. Not everybody can be as interested in data privacy rights as a privacy professional, after all. That neutrality, however, can quickly turn to dull hostility if they perceive privacy compliance as an obstacle standing between them and their ability to do their job.
If assessing vendors for privacy risk, accounting for and recording personal data flows, using secure communication channels, implementing access controls, and other privacy tasks take too much time out of your colleagues’ day, they aren’t going to want to do it. When you approach your colleagues about data privacy, they’ll quickly forget whatever you told them. In a way, they’re incentivized to do so—privacy compliance feels like it makes them worse at their job.
This is totally understandable; everybody wants to do a good job. But privacy compliance is your job. To overcome this challenge, it’s important to think of ways to relate privacy compliance to the job of the marketer, salesperson, IT professional, or whoever else you’re trying to speak with. And to whatever extent possible, make the demand on their time minimal.
Privacy compliance takes muscle memory
Even if your colleagues understand the why behind data privacy and have the time to carry out compliance activities, they’ll still struggle to put your requests into practice. You’ll run into this issue anytime you communicate a new way of doing things. Change is hard, and it takes repetition before a changed process can really stick. Your colleagues are likely to take the more privacy-conscious approach to their work once or twice before falling back into their previous routine simply because old habits die hard.
Mitigating this challenge is fortunately rather straightforward, if not easy. You simply need to be consistent and regular with your communication. The more often you remind colleagues about the need to, for instance, record where new data trackers on your website are transferring personal information, the more likely they are to actually do it.
Actionable tips on explaining why privacy matters
Get a C-suite champion
Unsurprisingly, once members of your leadership team are on board with your privacy initiatives, everybody else in the organization starts to listen. If you can, co-opt your C-suite's visibility and authority by convincing one of them to issue a mandate on your behalf.
Naturally, getting leadership buy-in is a project in and of itself. We offer some tips in our blog, Making the business case for your data privacy program.
Make it part of your OKRs
This will be easier if you’ve already gotten buy-in from a member of your organization’s leadership, but making privacy an OKR at the start of a new project or quarter can be a great way to keep privacy top of mind. This will help encourage privacy by design as well as raise the profile of privacy at your organization as a whole.
Tailor the message to your audience
You can make it all the easier for your coworkers to follow through on privacy by tailoring your communication to their specific circumstances.
It’s important to talk about the fundamentals of data privacy, such as purpose limitation, consent, data minimization, and more, but those fundamentals need to be translated into actionable advice for the given audience.
- Marketing needs to understand why they need to ask for data collection consent on the website, how to do it, and how it’ll impact their analytics data.
- Sales needs to understand when a tool may be processing prospects’ personal information and why you need to be involved in an assessment.
- Development needs to understand how privacy fits into the development lifecycle.
- HR needs to understand how privacy affects employees and candidates.
- The C-suite needs to understand the big picture, the cost, and that the details are being handled by the people who understand them best.
If you talk about the technical operationalization of privacy to HR, your message is going to go in one ear and out the other. If you gloss over the details and issue a high-level mandate for compliance to your marketing team, you’re going to cause a lot of panic over their ability to analyze the audience. Because privacy is so cross-functional, you’re going to need to develop an understanding of every function in the business that handles personal information if you’re to communicate key compliance initiatives to your colleagues.
How we can help
Explaining why privacy matters to your colleagues isn’t something you can outsource to a tool. Only you can convey the what, why, and how behind data privacy.
However, you can create more time and structure for that conversation with the right solutions. Osano:
- Supports cross-functional compliance tasks, such as DSARs for data that span different data stores at your organization.
- Accelerates vendor reviews with assessment templates and a database of vendors scored by their privacy practices.
- Gives you more time in your day by automating common compliance requirements, such as consent management.
Schedule a demo of Osano to see how much time we can free up for you.