How To Foster A Privacy-Minded Team
As the co-founder and CEO of a trusted, 14-year-old privacy company, I’m often asked how I foster teams with a sense of and particular care for privacy. I thought I’d share my thoughts and recommendations more broadly.
First, you can’t embark on this mission without truly believing in the importance of establishing a privacy-minded organization. If you need convincing around its business value, consider how privacy is table stakes in these areas of an organization:
- Consumer relationships and corporate reputation: Quite simply, people prefer companies that help keep them safe online. The less data a company collects from users, the less data can be breached. Informational documentaries like The Social Dilemma remind everyone how dangerous it is to blindly give away personal data and inspire people to demand safer data practices.
- Addressing regulations: Data-privacy regulations have begun to enforce that companies protect users both abroad (GDPR) and in the U.S. (CCPA). This is apparent with last summer’s class action lawsuit against Oracle and Salesforce. The best way to stay compliant with growing and changing privacy regulations is by institutionalizing data privacy as a core organizational value.
- Recruitment and retention: Millennials care about working for socially responsible employers, and 83% of them would be more loyal to a company that helps them participate in social and environmental issues. Gen Z is also strongly prioritizing purpose in their work, so finding an employer that drives positive change for social issues like privacy will be top of their agenda.
I believe privacy must be driven from the top-down, with executives leading by example, and privacy then permeating the organization. Here’s where leaders can prioritize efforts:
Create authenticity.
You can’t foster a privacy-minded team without being invested in the outcomes yourself. Show your teams you have personally bought into privacy to help create internal buy-in — maybe you had an “aha” moment such as a creepy ad following you around the internet, or you felt inspired to go all in on privacy after watching The Social Dilemma.
Demonstrate transparency.
Communicate the company’s efforts to achieve data privacy plus bumps along the way. Despite data minimization, companies aren’t immune to hacks, so if a data breach does occur, communicate it internally and externally to users and partners in a timely manner. Be open and honest about the data you use temporarily, store or share with others, and explain why it is needed. Make privacy policies, which are inherently complex and written by lawyers, more accessible. Startpage’s team goes to great lengths to simplify our privacy policy language so that it’s front and center for user engagement.
Show support for responsible technology.
Tech leaders have the choice of which communications, payment and fulfillment platforms and other tech to support for use within the organization. Not everything will meet your data privacy standards. Exercise your choices wisely. Check potential platform companies’ privacy policies to see who they share data with, their cookie policy, etc. Give preference to European organizations over U.S. organizations because, unfortunately, the 2016 Privacy Shield framework doesn’t offer protection against U.S. companies spying on our personal data.
Invest in security.
There can be no privacy without security, so make sure to affirm appropriate security protocols to protect data you do choose to store and use.
Find privacy champions.
Who are the employees who will promote data privacy within their own teams and find opportunities to talk about it? Champions shouldn’t just be CISOs; find champions who are typically inclined to store more data and get them on board to rethink data privacy best practices and help educate the rest of their team. Typically, these people are found in:
- Marketing: This team often deploys behavioral marketing techniques, using everything they know about a potential user or customer to market to them. My company listens to existing users for direct feedback instead of spying on them and focuses on contextual advertising.
- Product development: Typically, this team is trained to collect as much data as possible for troubleshooting, fixing bugs and more. However, our team challenges every project to ask, “Is there a more private way to achieve our goal?” It takes more team conversations, but it’s built into our process.
- Customer support: This team has so much personal information at their fingertips to deliver personalized service but could consider more carefully which personal information to store or discard.
Decide where to balance privacy versus immediate financial gain.
It’s helpful to put a forecasted value on privacy elements, such as using less behavioral advertising (which uses personal data to create a profile on consumers), and introducing more contextual advertising (controlled through the search or website linguistics versus any knowledge of the user). This allows you to see the bigger picture in order to carefully balance lower monthly revenue or some increased costs that will generate more privacy and the positive benefits it brings in return.
Establish day-to-day best practices.
Reconsider typical employee practices such as doing Zoom calls with the camera on. Instead, offer employees the choice of being on camera or not. Startpage also provides avatars instead of making employees have their headshots on the website.
Install always-on privacy
Install Startpage's private search browser extension.
Invest in continuous learning.
Make privacy teaching a part of the onboarding process, including adding it to your handbook for new joiners to sign, and conduct continued training.
Celebrate cultural moments and successes.
Data Privacy Day on January 28 provides an opportunity to rally around privacy and can be used to set parameters around what data should be collected, do data clean ups, celebrate company data privacy milestones and more.
Privacy is a long-term commitment, and it’s important to stay the course. Taking action to change your company culture and approach to data privacy isn’t something you do solely to be compliant and avoid risk, but to keep sight of how privacy helps to build and maintain consumer trust, protect your organization’s reputation, increase brand value and, in short, hold a stronger competitive position.
Robert E.G. Beens is the Co-Founder and CEO of Startpage and , and a recognized privacy expert and advocate. At Startpage, Beens oversees operations, product development, technology, and finance. He is also a commercial airline pilot with Netherlands-based airline KLM. He earned his Master’s degree in Corporate, Social & Economic Dutch Law from the University of Utrecht in the Netherlands.