Privacy: Beyond Compliance

I'm smiling in a pretend stockade

Using Privacy Principles for Better Business

I am feeling impatient as I wait for the professional video clips from a talk I gave recently, so rather than check email constantly I thought I’d write about the topic. For now, you’ll just have to visualize me inspiring the audience and happy participants giving testimonials about how wonderful it was. If it helps you picture it, I was wearing my favourite shirt with butterflies.

Privacy Laws

I became a Privacy Officer the same day I heard that phrase for the first time. It was the early 2000s and there was new privacy legislation here in Canada. It became (a big) part of my job to learn about the laws and how they applied to our non-profit organization. Over the years, there were more laws, and more, and I studied to become certified as a Privacy and Information Professional through the IAPP (International Association of Privacy Professionals) to understand them. Along the way, the privacy world burst into prominence with social media, the Internet of Things, identity theft, surveillance states, email phishing, and smart cities.

Privacy laws struggle to keep up with technology and it’s hard to imagine how the standards that (should) apply to massive global corporations can also be implemented by small businesses and freelancers. When I did the talk in Toronto, that was my audience: Professional Organizers, mostly sole proprietors, not companies with legal teams and their own privacy office.

Beyond Compliance

People dread the idea of “compliance”: How much is it going to cost in time, energy, and inconvenience to meet all the privacy rules I have to follow? What is the minimum I can do to comply? What is the shortest time I can spend going to workshops like Karen’s to have to learn about this? What happens if I make a mistake? Does it involve a stockade?

The thing is, the outcome of my workshops is not a laundry list of tasks to ensure compliance; the outcome is better services. Most privacy laws around the world are based on the same ten principles, so rather than detail every law’s requirements, I talk about using the principles to build a better business. Here’s how:

  1. Privacy equals respect
    Show respect for clients’ information in the ways you ask them questions, talk about them with others, and care for their information. Clients share intimate information with you so that you will help them. When you honour the confidentiality of the stories they’ve entrusted to you, you strengthen your relationship with them, improving your services.
  2. Privacy equals effective communication
    I get questions daily along the lines of “Is it okay if I gather/document/share this information about this client?” The answer is (almost) always, “First, be clear about why you see a need to do that. Second, ask the client.” When you have clear conversations with your clients about what information you need from them and how/why you are planning to use it, you build a stronger relationship with them, improving your services.

The ten principles are:

  • Accountability
  • Purpose
  • Consent
  • Limiting Collection
  • Limiting Use
  • Ensuring Accuracy
  • Safeguards
  • Openness
  • Access
  • Challenging Compliance

In going through each of these in my talks, I cover the requirements of the laws: How to gather, store, share, and delete information appropriately. Most importantly, when you understand what you’re doing with clients’ information and why, you can talk clearly with them about it and come to an agreement you both understand.

Ask Me More, Anytime!

And if you want me to come and talk with your group, let me know – I love doing this work! … and maybe soon I’ll have a clip I can show you of my butterfly shirt 🙂
