Five privacy must-dos for Chief Operating Officers

Often second in command, COOs have a wide-ranging remit, which makes them the perfect ally in the fight for privacy

By Nigel Jones

Co-Founder of The Privacy Compliance Hub

August 2022

Sheryl Sandberg’s time as Meta’s Chief Operating Officer (COO) officially came to an end on 1 August 2022. Her tenure was not without its controversies. It has been suggested that she “pioneered a whole new level of tracking” at the business, with the creation of “data mining at scale”. Prior to her time at Facebook, Sandberg was integral to the scaling of Google’s online advertising platform, helping turn it into the world’s leading digital advertising business.

While we wouldn’t champion Sandberg’s suggested approach, her career does highlight the critical role that COOs play in setting the agenda for privacy in an organisation. COOs are typically the second-in-command executive (after the CEO). They’re responsible for maintaining business continuity and optimising operational performance. As such, their remit covers a wide range of departments, from product and marketing to customer service, HR, and research and development.

As COOs spin multiple plates at once, it’s easy for privacy to fall down the priority list. Here’s how (and why) to keep it front of mind.

1. Focus on people

With 88% of data breaches down to human error, it makes sense to centre privacy programming on the people within an organisation. COOs should ensure there’s a comprehensive training strategy in place, with frequent opportunities for refresher sessions, and appoint privacy champions to keep various departments motivated and in line with best practice. This is particularly important with the shift to hybrid working and with phishing attacks increasing in frequency and complexity. Employees should know what to do when there’s an issue, and feel able to report without the fear of repercussions. 

2. Improve processes

The acceleration of digital transformation in recent years and adoption of technologies such as artificial intelligence, machine learning and the Internet of Things (IoT) have turned many COOs into data-driven operational experts who can optimise processes and redirect resources accordingly. But the influx of Big Data is problematic when it comes to privacy, not least because many organisations have quickly become overrun by information. A proactive approach to privacy starts with an audit of what data a business collects and processes, what happens to it, where it is kept (and for how long), who it is shared with, and what happens to it when it’s no longer needed. This data mapping exercise will help COOs to improve processes so employees can only access the data they need for a particular job, only use it for the right purposes, give individuals the rights they are entitled to, and ensure that at every stage of the data chain the data is being processed in accordance with the law.

3. Be careful about who you do business with

It’s a fact of modern enterprise that organisations share data with other businesses. But the General Data Protection Regulation (GDPR) requires leaders to only share personal information with companies that take privacy as seriously as they do. If a data breach affects your customers because one of your partners has a sloppy approach to compliance, you risk a hefty fine from the regulator and vast reputational damage. Investors are also interested in privacy and will ask you during the due diligence phase about how you share personal data safely. COOs should ask themselves whether it’s necessary for personal information to be shared externally at all. If it is, ask the other business to complete a risk assessment questionnaire or do your own investigation. And put an appropriate agreement in place before you begin working together.

4. Get the C-suite on board

Too often, privacy is seen as an IT or legal project that doesn’t involve the wider organisation. By getting the executive leadership team on board, employees know privacy is important and are more likely to follow its lead. COOs can help give privacy a seat at the top table and encourage the C-suite to take an active interest in the subject. Prioritising privacy is frequently seen as a competitive advantage, as highlighted by Apple’s changes to tracking on the iPhone and accompanying advertising campaign. After all, while more data means better business decisions, greater innovation and more astute go-to-market strategies, information needs to be treated with the respect and care it deserves. By prioritising privacy, you’ll be able to build great products and support growth as a matter of course; another item ticked off the to-do list.

5. Build a culture of continuous privacy compliance

The best COOs know organisational excellence doesn’t come from a tick box exercise that’s over before it’s begun. It’s only by pursuing a culture of continuous improvement that businesses can grow and adapt and remain resilient to shifting market conditions. The same is true of privacy. If employees understand privacy compliance, they care about it. And if they care about it, they’re willing to act to keep personal information safe. COOs are well placed to drive this culture forward, ensuring it remains constant even as a business scales and evolves. It’s about building resilience for the future. One with privacy at its heart.
