While I often speak about the fallacy of the zero-sum argument that privacy must be sacrificed for the sake of security, I wanted to take the opportunity to also argue against a prevailing view that privacy hinders business – this is a complete fallacy.
Too often, organizations – both public and private – protest that implementing serious privacy measures increases operating costs while adding nothing to the value of their business. When they do undertake a program to increase the protection of their customers’ privacy, it’s often because they feel forced to comply with jurisdictional laws. 
As Commissioner, I have always advocated the idea that privacy is good for business. My message to both public and private sector organizations has been that privacy should be treated as a business issue, not a compliance issue. In my book, The Privacy Payoff: How Successful Businesses Build Customer Trust (co-authored with Tyler Hamilton), I argue that while organizations may begin with compliance and risk aversion, ultimately they need to use privacy to attract opportunity, develop customer confidence, trust and loyalty. In short, privacy can be an important market differentiator, allowing smart businesses to gain a sustainable competitive advantage.
The numerous costs that come with a privacy breach (such as lost customers and law suits) are convincing many organizations that taking privacy and security seriously is, indeed, good business. The implementation of sound privacy policies and practices can have a number of positive effects, including a more positive business image, improved customer service and most importantly, customer confidence and trust in your business. Moreover, if all or even part of your business is conducted online, then your reputation for protecting the personal information of customers becomes a primary factor in whether someone decides to trust you with their financial information. It doesn’t take an MBA to understand that once you have lost a customer’s trust, you have lost their business, and that “word of mouth” can either make or break a product line, brand or an entire company.
As more and more business is conducted online, especially with the advent of Web 2.0, it is now critical for businesses to take the opportunity to review and improve their information management policies and practices. In doing so, organizations should take a broad view of the issue, thereby capitalizing on the opportunity to reap all the benefits of good information management practices. In particular, they should approach data privacy with the understanding that:
- Data Privacy is Comprehensive – it applies not only to the data itself but to the entire environment in which that data is collected and used;
- Data Privacy is Personal – the interests of the data subject must be considered and built into information systems and controls; and
- Data Privacy Enhances Security – by minimizing the collection, use, disclosure and retention of personally identifying data, privacy-enhancing technologies contribute to stronger data security.
Organizations that collect and use personal information bear the burden of responsibility for protecting that information. Privacy breaches may be viewed as external costs or “negative externalities,” but it is businesses, not consumers, that create these externalities through their misuse or mismanagement of personal information. If your organization holds personal information, the responsibility for protecting that information rests squarely with you.
Know that taking a proactive approach to data privacy and security (something you will often hear me refer to as Privacy by Design), will position your organization as a leader, differentiate it from the rest of the pack, and pay handsome dividends in terms of improved customer trust, goodwill, and loyalty – gaining a true competitive advantage.
To find more on our concept of Privacy by Design for businesses practices, go to: http://www.privacybydesign.ca/papers.htm or follow PbD on Twitter: http://twitter.com/embedprivacy
