Privacy by Design Archives - Thomson Reuters Institute
https://blogs.thomsonreuters.com/en-us/topic/privacy-by-design/

Privacy by Design: Can government investments in transparency, data governance & a digitally trained workforce engender public trust?
https://blogs.thomsonreuters.com/en-us/investigation-fraud-and-risk/public-agencies-private-data/
Mon, 24 May 2021 13:12:25 +0000

Although we have come to associate the mass collection of personal data with technology behemoths like Facebook and Google, the public sector is equally reliant on the extensive collection, curation, and sharing of the personal data of individuals in order to deliver public services and conduct critical research.

Like the private sector, the public sector is also more reliant than ever on digital technology to deliver services, which necessarily involves even more collection of personal data. From your local DMV to your county clerk recorder’s office, to local health agencies registering you for your first COVID-19 vaccine appointment, the public sector requires access to your personal data to deliver needed services.

A 2019 Pew Research Institute study, however, found that public is of how their personal data is being used even as 64% of Americans surveyed expressed concern about government collection of their data. And the pandemic crisis has only accelerated the digital transformation of the public sector and thus the need for more data. Prior to the pandemic, of government employees worked remotely, and many of the public’s interactions with government employees were face-to-face, like at your local DMV, for example. Now, while the darkest days of the pandemic may be behind us, the public sector continues to adapt to the breakneck speed of its digital transformation to ensure continuity of public services.

Of course, this begs the question: What practical steps can public sector agencies and organizations take to gain the public’s trust in regard to its collection of personal data?

There is one clear answer. The public sector needs to invest in transparency, data governance, and a digitally trained workforce — and soon.

Investing in transparency

Just as private sector companies are being asked to make adjustments with respect to data collection practices, public sector agencies and organizations are making better efforts to inform individuals how their data will be used. For example, when a member of the public submits a form online, he or she should be told if their data will be made available for academic research purposes. And while the legal basis for public sector data collection is founded upon a mandate to deliver public goods (in contrast to the private sector, which is often based on companies’ business interests) the legal and ethical imperative for individuals to be informed about how their data is being used remains the same.

Government agencies and public organizations need to be investing in the tools that will allow them to deliver timely privacy notices, particularly when individuals are receiving digital public services perhaps for the first time. This alone may be the single simplest step to take when building trust with the public in the digital realm.

Public sector organizations, including academia, should consider going a step further by highlighting in privacy notices clear statements detailing the public interests that are being served through data collection, data sharing, and research efforts. Individuals should be provided with enough information to understand how their data is being used to serve a wider public interest as this will increase the individual’s understanding as to why their data is being collected and why it is important.

Investing in data governance

While transparency is critical to enhancing trust in data collection, answering the question of how data is handled is really paramount to retaining that trust. As government agencies continue their digital transformations into 2021 and beyond, elected officials need to ensure that they have allocated the appropriate resources to properly invest in data governance infrastructure.

Data governance allows public sector organizations to employ the people, processes, and tools required to effectively utilize and protect the personal data they are collecting in greater volume from the public. To support the public interest mandate for collecting personal data, public sector institutions should ensure accountability protocols that govern when data is collected and shared, how it is collected, who can use it, and under what circumstances.

By investing in data governance in this manner, elected officials are investing in the protection of the very data of which they are the ultimate public stewards.

Investing in a digitally trained workforce

With a foundation of transparent data collection and appropriate data governance, the final step to securing public trust is ensuring there are resources available to adequately train front-line teams to handle personal data securely and responsibly.

A recent joint study conducted by Stanford University and security firm found that as many as could be attributed to human error. These teams play a fundamental role in preventing breaches caused by common digital mistakes, but that is only one part of their role.

Equally important is training them to know how to react if an issue arises. Do they know who within the organization to contact? Or, what to do if they suspect a cyber-incident has occurred?

Pivoting to remote work and digital service delivery in the public sector has required new skills and training to support continuity in the safe delivery of digital public services. Training initiatives such as establishing information security awareness weeks, refreshing training modules, and creating role-based training for front-line digital staff are all key investments that should be expanded and continued.

Going forward, investments in transparency initiatives, data governance infrastructure, and establishing a strong, digitally trained workforce should be the top priority of any government agency and public sector organization involved in the collection of the personal data of public citizens.


In a multi-part series, , author Leslie Stevens looks at privacy and data security issues at corporations, government entities, law firms, and tax & accounting firms.

Privacy by design: Establishing robust privacy & security programs as a strategic advantage
https://blogs.thomsonreuters.com/en-us/investigation-fraud-and-risk/privacy-security-programs/
Wed, 07 Apr 2021 15:29:54 +0000

On January 28, we marked international . And if that date doesn’t resonate with you or your organization, perhaps it should.

Some of the world’s most successful companies have recognized the strategic advantage to being highly customer-centric, of course, but one of the ways to do that is to respect your customers’ privacy and protect their data. For example, companies like Apple have capitalized on the increasing value that customers place on their privacy, and on this Data Protection Day, numerous ways in which their products and services are designed with individual privacy protection in mind.

And Apple is not the only company to realize the benefits of building robust privacy and security into their products and services. Google has also made headlines with its announcement that from 2022 onward, its tools would not support tracking of users across their websites. While there is healthy debate surrounding these announcements (and the motivations behind them), this should signal a change to which other organizations should pay attention.

Your organization’s customers and stakeholders will no longer accept anything but transparency regarding how you process the myriad of personal data you collect on them. To protect the value that such data brings to your digital strategy and growth, organizations must invest in their privacy and security programs now. The burgeoning privacy and security regulatory landscape, and the , provide the “stick” that incentivizes companies to comply with applicable data protection laws. However, corporations that operate beyond a check-the-box compliance mindset can reap further strategic advantages by implementing robust privacy and security programs that contribute to enhancing brand awareness and, ultimately, your organization’s bottom line.

This mindset seems to be catching on. In , more than one-third of responding organizations noted they were making at least double the level of investment in their privacy and security programs they made previously.

As discussed in the first article of this series on corporations’ data security issues, organizations must get the basics of privacy and security right: keeping data secure, being transparent about digital practices, and respecting privacy preferences. Now we set out what practical steps companies can take to improve their privacy and security programs, ultimately using this to engender trust with their customers and stakeholders.

Designing the customers’ journey with privacy and security in mind

Your customers are impacted by their digital experiences with your organization, and positive digital experiences can drive growth. While your company has likely mapped out the customer journey for purchasing products or services online, has it also considered the customer journey when it comes to privacy and security? How easy is it for customers to opt-in or opt-out of marketing communications? When your company enables new technology, has the team considered your customers’ privacy and how the customer will be impacted?

To leverage privacy by design as a strategic competitive advantage, organizations must understand their customers’ digital journeys as they relate to privacy. More importantly, organizations must ensure privacy is embedded systematically across the organization, from business process design to technology platform architecture and data governance.

Through this more holistic approach, your organization will be protecting the interests of your customers’ privacy and also its business. The bottom line is that privacy needs a permanent seat at the table.

Simplify your privacy processes

A seamless and clear journey for customers to better control their privacy preferences not only benefits them (their privacy is protected), it also helps achieve your compliance team’s goals (regulatory requirements are satisfied), and provides an improved customer experience and potentially better-quality data for your teams to leverage (business objectives are met).

It’s a cascading benefit. By offering clearer means for individuals to exercise their privacy preferences within your company, you are not only complying with the law; you are also curating your organization’s data to represent truly engaged audiences that can unlock opportunities for growth.

Organizations can now more easily improve the privacy experience of their customers by leveraging technology. The governance, risk, and compliance (GRC) software market is booming, especially in the privacy sphere. Companies can take advantage of the innovative SaaS landscape of GRC software options to support their privacy programs while improving the customer journey and interlinking business processes and data governance. Companies can embrace options ranging from pursuing straightforward solutions to allowing customers to opt-out of cookies on the company’s website, to leveraging software to improve collection of customer consent for marketing, to managing customer preferences across channels. In all these cases, technology can strategically support both your company’s customer privacy strategy and its business needs.

In the end, what can a robust privacy and security program do for your organization? Even when the world emerges from the global COVID-19 pandemic, the focus on digital is here to stay. The opportunities to engage with your customers online will continue to grow, as will your data collection. Further, the regulatory imperative to take privacy and security seriously will only increase with game-changing privacy laws emerging in key markets such as China and India.

As explored in the , the strategic benefits of a strong privacy and security program are real and tangible, ranging from reduced sales deal-cycle time for your business, to increased customer trust and brand loyalty, to enabling innovation in your products or services and mitigating losses related to data breaches. When these benefits are weighed in, you would be wise to ask: What is your company waiting for?


In a multi-part series, , author Leslie Stevens looks at privacy and data security issues at corporations, government entities, law firms, and tax & accounting firms.

Privacy by Design: How is the COVID-19 pandemic impacting companies’ privacy and security programs?
https://blogs.thomsonreuters.com/en-us/investigation-fraud-and-risk/pandemic-impact-privacy-security/
Thu, 25 Feb 2021 14:41:08 +0000

In April 2020, Microsoft CEO Satya Nadella said the company had seen in two months.

It’s not surprising—the world has seen an unparalleled shift to digital interactions across personal and business platforms, from strong adoption of virtual fitness platforms to new ways of engaging with doctors and government agencies, and the now commonplace use of online collaboration platforms such as Microsoft Teams and Zoom. At the same time, the events of the last year have further eroded individuals’ trust in our institutions and private sector organizations, both because of the real-world damage the pandemic has wrought and, in the digital realm, because of the chaos caused by data breaches that have become as ubiquitous as the online platforms we continue to use in spite of our mistrust.

So, what message does your organization’s digital presence and virtual interactions with stakeholders send? Does the digital experience convey trust, leading stakeholders to believe you are a responsible steward of their data? What does trust mean in the digital environment, and how does it relate to privacy and security?

If data is the new lifeblood of organizations, then it is critical you ensure the security of your stakeholders’ data, remain transparent in how and why you use their data, and respect their privacy preferences. By adopting these few fundamental privacy and security principles, your organization can enhance stakeholder experience, brand loyalty, and advocacy.

Prior to March 2020, many organizations were focusing their privacy and security programs on ensuring compliance with the European Union’s General Data Protection Regulation (GDPR), while ramping up their approach to emerging regulations such as California’s Consumer Privacy Act and Brazil’s Lei Geral de Proteção de Dados (the General Personal Data Protection Law). When the COVID-19 pandemic hit, organizations’ priorities necessarily shifted, leaving many privacy professionals to wonder if data privacy would take a backseat to more pressing concerns.

Now, a year into the pandemic, many of those privacy and security professionals would likely respond that client demand for their guidance and expertise has only increased as we all continue to operate in this increasingly virtual world.

Digital acceleration during the pandemic

Wherever an organization was in its digital transformation journey prior to the pandemic, those efforts accelerated at an unplanned and often uncomfortable speed in the last year.

In pivoting to almost entirely remote workforces, and finding new ways to continue engaging with stakeholders, organizations became more reliant on digital technologies — some familiar and some new. Adoption of new technologies (quickly) presents privacy and security issues, requiring cross-functional diligence and agility to address them amid the current conditions. Now, more than ever, an organization’s digital presence will play a critical role in maintaining stakeholder engagement and trust in your products and services as well as the teams that deliver them.

Although the continued emergence of global privacy laws already elevated privacy and information security to board room topics, the pandemic further underscores the need for robust and dynamic approaches to operationalize privacy in a way that enhances stakeholder relationships and client experiences with your organization. Your privacy and security teams can play a critical role in how your organization presents itself as a trusted and responsible data steward to your stakeholders, ensuring that your adoption of new technologies does not sacrifice data security, transparency, or your respect for their preferences.

Privacy and security by design

Embedding the key principles of privacy and information security into how your organization operates—keeping data secure, being transparent about your digital practices, and respecting preferences—is imperative to succeeding now and in the future.

The accelerated pivot to digital technology precipitated by the pandemic has provided access to an unprecedented amount of data for organizations. With the fundamental role privacy and security teams play in performing due diligence on new technologies, as well as their implementation, organizations should seize this opportunity to move the conversation beyond the tick-the-box mentality that regards privacy and security solely as a means to compliance.

Equally, individuals are more aware of this fact and what it means for their privacy. Whether your stakeholders are individual consumers, corporate customers, or the public, how you treat their data, and (perhaps more importantly) their perception of how you treat their data, will impact whether they choose to engage with you now and in the future.

It’s important to remember that, in the minds of many of your clients, compliance with applicable privacy law is simply the ground floor. The next level and real benefit to your organization can only come from understanding how a robust privacy and security program can be leveraged to enhance your relationships with stakeholders, whether those are customers, employees, or the public.

In the next articles in this series, we will explore how corporations, the public sector, academia, and legal and accountancy firms can use robust privacy and security practices to enhance their interactions with their stakeholders and, ultimately, engender trust in their organization.


In a multi-part series, , author Leslie Stevens looks at privacy and data security issues at corporations, government entities, law firms, and tax & accounting firms.
