Sheryl Sandberg’s time as Meta’s Chief Operating Officer (COO) officially came to an end on 1 August 2022. Her tenure was not without its controversies. It has been suggested that she “pioneered a whole new level of tracking” at the business, with the creation of “data mining at scale”. Prior to her time at Facebook, Sandberg was integral to the scaling of Google’s online advertising platform helping turn it into the world’s leading digital advertising business.
While we wouldn’t champion Sandberg’s suggested approach, her career does highlight the critical role that COOs play in setting the agenda for privacy in an organisation. COOs are typically the second in command executive (after the CEO). They’re responsible for maintaining business continuity and optimising operational performance. As such, their remit covers a wide range of departments, from product and marketing, to customer service, HR and research and development.
As COOs spin multiple plates at once, it’s easy for privacy to fall down the priority list. Here’s how (and why) to keep it front of mind.
1. Focus on people
With 88% of data breaches down to human error, it makes sense to centre privacy programming on the people within an organisation. COOs should ensure there’s a comprehensive training strategy in place, with frequent opportunities for refresher sessions, and appoint privacy champions to keep various departments motivated and in line with best practice. This is particularly important with the shift to hybrid working and with phishing attacks increasing in frequency and complexity. Employees should know what to do when there’s an issue, and feel able to report without the fear of repercussions.
2. Improve processes
The acceleration of digital transformation in recent years and adoption of technologies such as artificial intelligence, machine learning and the Internet of Things (IoT) have turned many COOs into data-driven operational experts who can optimise processes and redirect resources accordingly. But the influx of Big Data is problematic when it comes to privacy, not least because many organisations have quickly become overrun by information. A proactive approach to privacy starts with an audit of what data a business collects and processes, what happens to it, where it is kept (and for how long), who it is shared with, and what happens to it when it’s no longer needed. This data mapping exercise will help COOs to improve processes so employees can only access the data they need for a particular job, only use it for the right purposes, give individuals the rights they are entitled, and ensure that at every stage of the data chain the data is being processed in accordance with the law.