Business leaders are driven to innovate, but compliance often has to bring them down to earth. It’s this push and pull that leads to tension between the C-suite and compliance. But that tension doesn’t have to be a given. Cape Privacy CEO Ché Wijesinghe discusses how the parties can align.
Data privacy is on every compliance officer’s mind. If it wasn’t already, recent high-profile regulations like GDPR and CCPA, in addition to more than 900 existing privacy laws, have made consumer data privacy a central focus for any business. Meanwhile, the competitive necessity of tools like a Salesforce CRM or Google Analytics introduces the policies and vulnerabilities of a third party into the mix.
Friction between the C-suite and compliance is not new, but it’s only becoming more heightened with the growing focus on consumer privacy. According to Bizagi, more than one-third of business leaders report tension between innovation and compliance. But it doesn’t have to be this way.
Here are three ways data privacy enhances other functions within an organization (and presents opportunities for alignment between compliance and the C-suite):
1. Protecting the Bottom Line
In the first two years since Europe’s GDPR went into effect, $128 million in fines have been issued across 160,000 noted data breaches. While the current numbers are relatively modest and enforcement has primarily concentrated on tech giants like Google and Facebook, data breach notifications have steadily grown following the first eight months of GDPR enforcement. And given the emergence of newer regulations like California’s Consumer Protection Act, trends are pointing toward more, not less, privacy regulation — and financial liabilities for companies that don’t comply. Compliance officers and business leaders are, or should be, on high alert to protect their companies from fines.
2. Bolstering Brand Equity
Consumers want companies to innovate to address their evolving needs and preferences, but that doesn’t mean they are comfortable giving their data as a blank check in return. According to Pew Research, 79 percent of Americans report being concerned about how their data is being used by companies.
Marketers and innovators can address this concern head-on by leaning into data privacy as an asset, rather than a hurdle. A study conducted by Cisco reveals that 32 percent of people who say they care about privacy have switched companies over data-sharing policies — presenting a real opportunity to leverage privacy as a competitive advantage.
Marketers have earned a reputation for blurring the lines when it comes to consumer privacy versus consumer insights, but with increased regulation and consumer backlash, compliance officers need to step up their game.
However, compliance officers still can be a customer-centric marketer’s best friend and keep their C-Suite colleagues happy as they pursue innovation.
3. Enhancing Customer Service
As much as consumers are concerned about how their data is used, they want a personalized experience, too. And data is key to personalization. Consumers want to receive information that is relevant to them and to avoid messages that aren’t.
A bank customer who is applying for a car loan at an institution where they already have a mortgage and savings account will want to be recognized as an existing customer — not a new contact for the bank. And a patient who receives a lab test in a hospital expects their physicians to be able to access the results — no matter if they belong to the same medical system — rather than undergoing a duplicate test.
Within sensitive industries like financial services and health care, however, history and consumer preferences do not always translate from one department to another. Complicated privacy concerns often result in siloed consumer learnings, even within the same organization. Compliance officers are frequently tagged as part of the barrier in these situations. But, by engaging compliance colleagues and privacy-protecting technology, C-suite leaders can find safe ways to share the insights consumers want used to inform their treatment and offerings, dismantling the silos.
The Role of Privacy-Enhancing Technology
Technology can do more than protect data through traditional methods like encryption. Privacy-enhancing technology can also unlock otherwise restricted data for each of the uses listed earlier.
Federated learning (also known as collaborative learning) is a useful machine-learning approach that trains an algorithm across multiple decentralized edge devices or servers holding local data samples, without exchanging them.
In this way, multiple companies can build common, robust machine-learning models while each maintains ownership of their proprietary data. Federated learning is what enables smart cities, IoT, parts manufacturing suppliers and other collaborative projects to learn on multiple distributed devices securely.
However, federated learning on its own is not a guarantee of data privacy, so it’s best to be used alongside other techniques like secure aggregation — which sends encrypted data to a secure aggregation point and then the final calculations are decrypted and shared with everyone — and/or differential privacy, which can add privacy guarantees to each of the data everyone sends.
Innovative leaders, therefore, can push the envelope on insights-driven development, while compliance officers have an up-to-the-minute safety check on the appropriate use of the data.
In determining what is best for a company, it does not have to be innovation versus security. As consumer and government demands for greater security grow alongside market demands for increased personalization and machine learning, innovation and security have no choice but alignment.