data privacy week The chief data and trust officer of one of Canada’s largest telecommunications providers says it should be time for IT and business leaders to discuss supporting the incorporation of privacy engineering into their products, services and solutions.
“Today, corporations and governments face a real challenge: earning customer trust against the backdrop of so many precedents that privacy should be an afterthought rather than a priority,” said Pamela Snivly telus,
“Creating products and services without rigorous consideration of the privacy implications is simply not sustainable. We still see it, but it is not sustainable for individual organizations or the digital ecosystem as a whole.
“We need to build for privacy and trust as much as we build for user-friendliness and marketability. If we’re not doing that then we’re not doing it right.”
“We need Canadians to trust the digital ecosystem and we need that trust. I think organizations need to do the work to assure the public that innovation – including the quality of life of millions of people may have the potential to improve – be realized without compromising on privacy.
is a member of Snively’s Board of Policy Information Accountability Foundation on Information Governance, and a member of the Privacy and Data Advisory Committee of the Canadian Marketing Association. She is also a founding member of the Business Privacy Group of Canada.
He said that privacy is about ensuring data security and working closely with the security team. “But privacy is also about making sure we respect all the rights associated with privacy – data [collection and retention] minimization principle, access controls, making sure we have data available to individuals who ask to see their personal information, making sure we are using and sharing it [personally identifiable information] In accordance with their reasonable expectations and applicable laws. So it goes beyond purely securing it from bad actors.
Being more transparent about how much personal data is collected and how it is used is a significant challenge, Sively acknowledged. “If we were to describe absolutely everything to everyone, we would overwhelm them,” she said. Organizations should look for opportunities to “call out” what’s most important to consumers and employees.
Complaints about lengthy privacy policies can be dealt with in what he calls layered statements. “Provide comprehensive statements for those who want to understand [policies] More detailed information at a glance for those who want to dig a little deeper.
Privacy professionals point out that their transparency is one of their biggest problems. Making sure the organization is investing in the right skill sets is another matter. A third is building privacy into products and services, and another is ensuring that the organization and its employees value customer and customer trust. Those who don’t, he said, “have an uphill battle.”
As for who is responsible for setting the tone on data privacy, “It starts at the top,” said Sneak. “I think boards need to set a tone that it matters to the organization. CEOs need to do a lot of the same thing, but it needs to go through the right organization. When we look at those who are doing it well, we look at organizations that reflect on what kind of culture they are building.
“Organizations that receive this right ensure that all employee data is appropriately understood and respected, and thus are helping to keep it secure.”