This page contains a Flash digital edition of a book.
RISKY BUSINESS with Miyo Yamashita, Don MacPherson and Tara Perverseff


BUSINESS ENABLER


With the digital information age expanding exponentially, more and more companies are using their privacy policies, regulations and strategies to make sense of and money from all of the data they collect


O


ver the past 20 years, the approach that organi- zations have taken to privacy has changed with the evolving eco- nomic landscape and the bur- geoning abundance of digital information. When closely examined, one can definitely see a shift from privacy as a compliance exercise to privacy as a strategic enabler. In the late 1990s and early 2000s, many organizations in Canada invested heavily in privacy programs. These organizations hired or trained privacy officers and other privacy staff; developed privacy policies and procedures; implemented staff privacy awareness, education and training pro- grams; and, in some cases, conducted pri- vacy impact assessments and reviews on their customer information systems. This wave of investment in privacy, coupled with increasing concern regarding the protec- tion of personal information, had a strong legal focus as a series of new privacy laws and regulations impacted Canadian busi- nesses, federal works and organizations in the public and health sectors.


The main driver of this interest in pri- vacy — and a term that became part of the risk lexicon of executive teams and boards throughout the country — was the “privacy worst case” scenario. In this sce- nario, organizations faced an onslaught of customer privacy complaints, breaches of personal information or possible investi- gation by privacy regulatory bodies. And


14 SECURITY MATTERS • SEPTEMBER/OCTOBER 2010


all of these outcomes had the potential to ruin an organization’s reputation or sink its shareholder value. Fortunately, the “Big One” never happened. As a result, this initial investment in pri- vacy infrastructure, investment and re- source allocation subsided in the early-to- mid 2000s. It happened, in part, because of the number of governance and data protection-focused safeguards organiza- tions were forced to develop in the first phase of their privacy compliance activi- ties: multiple privacy policies and proce- dures; public-facing literature on privacy; revisions to contracts with suppliers and other third parties; enhancements to legacy systems that processed or stored personal information; and staff awareness, education and training initiatives, to name a few. This corporate information man- agement review and redesign was costly in terms of finances and human re- sources, but was necessary to get the pri- vacy show on the road across enterprises.


PRIVACY AS A STRATEGIC ENABLER With the shrinking cost of computer


power, network bandwidth and data storage, organizations are now faced with the exponential and unman- aged growth of data. Combined with improvements in con- sumer relationship manage- ment techniques, this growth of data enables companies to tailor their products and serv- ices more effectively based on de- mographic and socio-economic profiles of their global target markets. Organizations can now mine their ex- isting information assets to “know their customers” as never before.


Data mining has a dubious reputation from a privacy perspective, but it has be- come more widespread as a growing number of organizations successfully em- ploy the approach. The electronics retailer, Best Buy, for example, recently discovered that seven per cent of its customers ac- counted for 43 per cent of its sales and has subsequently revamped its stores to concentrate on those particular customers’ needs. Similarly, Starbucks, which uses an orchestrated marketing approach to social media, has more than 11 online channels, counts 7.2 million Facebook users at- tached to its brand, has more than 880,000 followers on Twitter, and recently received 70,000 suggestions directly from customers on “My Starbucks Idea.” Organizations of the future will increas- ingly engage in the kinds of deeper “cus- tomer experience” activities embraced by Best Buy, Starbucks and others. These activities will be predicated on customer intelligence — or citizen intelligence, in the case of governments — that is


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40
Produced with Yudu - www.yudu.com