Why did we buy a privacy company?

On the surface, it may seem obvious. As businesses continue to digitise and privacy legislation and regulation grows, it is going to be an increasing need for our customers. Add the security angle, including the regular headlines on breaches, and you can see that adding privacy capability alongside our security services allows us to provide a much more connected outcome. 

But if you scratch that surface and go deeper, what does it practically mean?

Speaking from personal experience, I have worked through privacy processes when designing and implementing systems in areas that could be considered fairly invasive or sensitive. One of these was an Internet filtering system that could inspect what users were browsing, and the other an identity system for minors that assigned unique identifiers and had the potential for data matching. On both projects I worked with noted privacy experts that came highly recommended. However, the experience was vastly different. 

Project 1 felt like it went through the motions of meeting compliance requirements, and having a paper trail to demonstrate this had been done. A tick box exercise if you will. Project 2 was the complete opposite. As we worked through the risks, aligned with the privacy act, we were able to assess each risk and introduce controls and mitigations. This includes design changes to the system and implementing some very specific security services and monitoring capabilities. The end result was a better design, a better outcome for the users whose data we were holding, and something that added clear value to what we were delivering. 

So when we decided we wanted to acquire a privacy company, we didn’t want to acquire just any privacy company, we wanted experts that would add value and become an important and valuable part of a clients project. 

Now put this against the backdrop of the world in which we live. Technology is changing at pace. We are only just starting to consider the repercussions of facial recognition, the power of AI to connect data in ways not possible before and the ethics that sit behind this. We have seen the start of a huge shift in regulation and legislation. Kiwi businesses not only need to consider the recent changes to our Privacy Act, but often also offshore requirements such as GDPR.

As individuals, we are waking up to the social aspect of our privacy and the rights we have, or choose to give away. Has your favourite messaging app updated its privacy terms lately? Did you happen to catch The Social Dilemma on Netflix? This is prompting a change in the language we use around privacy from being compliance orientated to discussions around ethics. How might someone feel about what we are doing with their data? Is this right?

Why?

Simply it comes back to trust. Whether you are a B2B or a B2C business one of the fundamental commodities you trade upon is the trust of your customers. The trust that you are doing the right things to protect the data you hold, hold only what is necessary, and use this in an ethical fashion. 

When designing your next digital project, don’t just think about the technology or economics required for it to be a success, but the trust you will need to establish and maintain with your customers. Because a good reputation is hard to earn and easy to lose.