Privacy has become a priority for virtually every company regardless of size, vertical, and geography. Privacy regulations have popped up around the world, including Europe, the US, and China. India will soon be added to the list. Rising customers’ and employees’ privacy expectations are also converging to force businesses to prioritize privacy and will keep doing so in the future. Companies are responding by maturing their privacy programs, developing best practices, and sharpening their respective toolkits.
Companies are investing in privacy
According to Forrester survey data, most companies worldwide have adopted a formal privacy program and have a chief privacy officer (CPO) in place. Half of these CPOs report directly to the company’s CEO. While privacy programs are primarily set up to deliver on compliance requirements, one of the key benefits companies report as a result of their program is increased customer trust. With the volume of individuals’ privacy rights requests on the rise, new requirements being discussed, and emerging risks to tackle, privacy decision-makers expect to increase their privacy budgets in the next 12 months.
The appetite for adopting new technology is also rising. While most teams are still relying on spreadsheets to manage their programs, privacy teams are progressively investing in more sophisticated and automated technology to support their efforts. Encryption is one of the main technologies being implemented today. Privacy-preserving technologies, as well as software for privacy training, top the list of new tools privacy decision-makers are planning to adopt in the next future.
The reliance on automated technology helps privacy organizations perform better. However, to solve their most significant challenges, they need to think about processes, governance, and policies on top of technology. And they need to establish strategic collaboration with others in the organization. In fact, when asked about the biggest challenges to effectively protect the personal data of their customers and/or employees, most privacy decision-makers reported that the fear of worsening the experience of their customers and/or employees is their biggest challenge.
Employee privacy expectations are greater than most assume
Companies have learned that EX — the employee experience — directly influences the quality of their customer experience (CX). As such, they are prioritizing efforts to improve their EX. But employee privacy is still too often left out from the list of key EX — and privacy — initiatives. This is a mistake.
How companies treat their personal information has a significant impact on how employees feel about and trust their employers and on how they perform. Employees have strong privacy expectations at work. In fact, data from Forrester’s new Privacy Segmentation shows that as many as 72% of employees globally do not want their personal data used as part of workforce analytics projects without their consent. Additionally, more than half wish they had more privacy protections in the workplace. About the same number take active measures to limit the amount of personal data they share with their employers.
Companies and their privacy leaders must learn how their employees feel about their personal data at work and develop privacy practices that meet these expectations. Those that understand employee privacy only as a compliance requirement should upgrade their existing practices to address employees’ privacy attitudes beyond mere compliance. Compliance is the floor, not the ceiling. And those that have existing strong employee privacy practices in place must ensure that they continuously improve them to align with changing employee privacy expectations.
Organizations can help empower employees with privacy at home
Employee privacy concerns and interests intersect with their personal lives. The lines start to blur between work and home as companies move to an anywhere work model and have a remote workforce. Companies will have a ceiling when it comes to applying cybersecurity controls that reach into the home. Employees have expectations of privacy; employers have liability concerns, and privacy and labor laws are non-negotiable.
To keep privacy top of mind and engage your workforce, you can be a resource for information to empower your employees to level up their personal privacy posture. For example, point to how a credit freeze can help prevent identity theft. This can also include education about tools like VPNs and identity theft monitoring and protection services. You can also highlight privacy and anti-surveillance tools. For example, email and credit card masking tools like Abine and MySudo; secure messaging apps like Signal; and popup blockers and script blockers like Adblock, Ghostery, NoScript, and uBlock Origin.
Many ISPs also offer home cybersecurity services today as well. These services are typically delivered via the home router and include capabilities like network and device security, Wi-Fi/network management and optimization, parental controls, and privacy features. Concierge cybersecurity and privacy services like BlackCloak and Cypient Black will take a tailored approach to protect individuals (typically executives and VIPs) from targeted attacks aimed at their home environment.
While technologies and services can help, privacy-minded behaviors and habits will have the most day-to-day impact. Forrester data shows that US online adults’ common actions to protect their privacy include clearing Internet browsing history and adjusting permissions for specific apps. This is where an organization’s efforts to update and invest in their privacy awareness training programs will help to empower employees the most.
This post was written by Principal Analysts Enza Iannopollo and Heidi Shey, and it originally appeared here.