Corporate Compliance Insights

Privacy is Too Important to Be Left to the Lawyers

by Robert Zafft
July 21, 2016
Who should take charge of data privacy?

“War is too important to be left to the generals.” – Georges Clemenceau

Imagine going out on a date and having to bring along your little brother or sister. It’s not that their presence is overbearing (unlike, say, your father’s). It’s that they’re eager, interested and generally clueless.

So it often is with company privacy programs and lawyers.

The Rise of the Privacy Function and Privacy Rules

Privacy as a corporate discipline arose because electronic databases and the internet made data incredibly accessible. Access, in turn, created a market for the data. It was one thing for the owner of the friendly corner store to know what kind of toys you liked, beer your father drank or magazines your mother read. It’s another thing when that information can be sold instantly and globally to thousands of marketers or posted on social media. What’s worse, a global black market in data has made hacking not just fun, but highly profitable.

The prospect of a data free-for-all served nobody’s commercial interests. One hundred years before the internet, even a world-class cynic like Mark Twain observed that “a business cannot thrive where the parties to it cannot trust each other.”

The modern response involved associations like the Internet Advertising Bureau (IAB) and Network Advertising Initiative (NAI) adopting privacy codes and guidelines. Of course, many people – and not just Bernie Sanders supporters – take a dim view of such efforts. They think private businesses amoral, rapacious predators eager to use and abuse consumers for short-term gain.

There are bad apples, to be sure. But, except for Don Rickles, few people can make a living out of offending their customers. The IAB and NAI guidelines represented a sincere attempt to strike a balance between consumers’ privacy concerns and fast-growing and ever-changing online business models.

And, of course, governments also got into the act. State governments passed data breach notification laws. The federal government enacted a patchwork of laws focused on financial data (Gramm Leach Bliley), health care (HIPAA, HITECH), spam, etc. Canada and the EU passed comprehensive privacy laws/directives. The Federal Trade Commission (FTC) has no direct statutory authority to regulate internet privacy, except with respect to children (COPPA). To get its bureaucratic nose under the tent, the FTC has encouraged companies to post their privacy policies, then hammered them for deceptive trade practices when these policies are violated. The FTC has also issued a breach-disclosure rule regarding health data. In short, in the United States and abroad, proposing and adopting new privacy laws, regulations and rules represents a growth industry.

Which brings us back to lawyers.

What Role for Lawyers

Generally, the first Chief Privacy Officers (CPOs) were not only lawyers, but reported to the General Counsel. Over time, however, many CPOs – and the privacy function they led – shifted to the CIO or COO.

This shift has occurred because at root, privacy is an operational and marketing issue. Privacy rules are typically straightforward, if occasionally asinine. Citing them is easy; implementing them is hard. This is because the rules require companies to do things like implement “reasonable and appropriate security” (HIPAA), or “a comprehensive written information security program…appropriate to [the] complexity of the institution” (Gramm Leach Bliley).  Such rules ultimately depend on technical and operational, rather than legal, analysis.

On the back end, privacy rules concern architecture, firewalls, access protocols, password requirements, etc. Operationally, companies need to treat sensitive data like hazardous chemicals, at once both useful and potentially deadly. Best practices involve avoiding accepting such information, deleting it as soon as possible, obfuscating sensitive elements, etc.

On the customer-facing side, businesses need to consider their “social compacts” with customers. This means managing the privacy and commercial expectations customers have when interacting with the business and its website. It also means managing change in a way customers will understand and accept. By analogy, a nightclub, at differing times on differing nights, might leverage differing “social compacts” with customers. For example, the club might impose a cover charge, require a drink minimum, insist that those sitting at a table buy a bottle of liquor or champagne, etc. In the right social context, the nightclub might even get customers to accept and reward the club for overt discrimination – e.g., Ladies’ Night. What matters is that the social compact is made clear to customers and matches a paradigm customers recognize and accept.

Businesses thrive when they please their customers. In the online world, establishing and evolving social compacts with customers represents a critical marketing function.

Deciding Who Drives

The technical/operational back end and the marketing front end are areas where business leaders have to lead. Systems and social compacts need to evolve with changing technology, rules and consumer expectations.

The lawyers have a role to play to be sure, but it should be a supporting and enabling one. The company must follow the law. The company needs to keep its privacy promises. But the lawyers also have to bear in mind that the only business with perfect privacy is one that has shut down.

So, by all means, bring the lawyers along. But, as with your kid brother/sister, don’t let them drive.


Robert Zafft

Robert Zafft practices of counsel with Greensfelder, Hemker & Gale, P.C. (www.greensfelder.com) in St. Louis, Chicago and Belleville, Illinois. He teaches business ethics at Washington University’s Olin Business School and previously served as an Associate Principal with McKinsey & Company, a Senior Advisor for Tony Blair Associates and as a Senior Expert for the Organization for Economic Cooperation and Development (OECD). He can be reached at rzafft@greensfelder.com. Follow him on Twitter @RJZafft.
