We’ve been on quite a journey together. But as we approach the end of our eight Privacy Promises, it’s time to highlight what success looks like. Organisations that have come this far promise to adopt a privacy by design and by default approach across the business. It cuts across everything.
This means everyone understands what personal data is and they care about protecting it. They know enough to ask questions when something doesn’t feel right. They’re able to think about minimising or eliminating the use of personal data where possible. And they know about giving individuals rights in relation to personal information, and making it easy for people to exercise those rights.
In the eighth, and last, of our short training videos, the Privacy Guy explores two scenarios that underline why this is so important. Imagine that you’ve taken out a house insurance policy with your existing health insurance provider and they send you a fitness watch as a welcome gift. You set it up, entering your height, weight, age and resting heart rate. But then your enthusiasm wanes and it ends up in a drawer without being used once. Six months later, you’re informed your health insurance premium is going up by 50%.
Or perhaps at work, your company buys another company and you want to consolidate marketing lists to send an email to the purchased company’s list of prospective customers. Do you see any cause for concern?
When privacy is embedded in the culture of an organisation, by design and default, it’s at the forefront of every decision, not an afterthought. Privacy compliance is woven into every process, product and service, with people asking ‘what does that mean for privacy?’ as a matter of course.
As we hope we’ve made clear over the course of our eight Privacy Promises, this doesn’t have to be complicated. But it is about training and involving all members of the team in the journey. Privacy is a basic human right. Everyone needs to play their part in protecting it.