Use What Works to Create a Culture of Privacy

December 20, 2009

I was in an industrial facility recently and noticed large banners on the walls proclaiming “12 Years without a Safety Incident.” I also saw certificates honoring individual employees who had eclipsed certain thresholds without a time-lost safety event.

 
It struck me that this is the kind of simple program that privacy and compliance officers can use as a model to create a “culture of privacy” throughout the entire employee community and instill a basic awareness of each employee’s responsibility to protect sensitive information. Such programs would be relatively simple and inexpensive to implement because the model has already been used successfully for decades by safety officers to educate and reward employees for demonstrating effective safety practices in their jobs. A quick look around the organization reveals other programs that can be replicated by privacy and compliance officers. Human resources executives, for example, already offer training and awareness programs to prevent sexual harassment or various forms of discrimination.
 
What’s the difference between these initiatives and similar programs for privacy and information security?  Why are these things not being done for the purposes of preventing a data breach? In a word: Lawsuits.
 
If someone slips and falls and hurts their back on the job because of unsafe conditions, there’s a good chance a lawyer’s going to come looking for a paycheck.  If a female employee attracts unwelcome attention from a boorish executive, there’s a good chance a lawyer’s going to come looking for a paycheck. If someone feels they were denied a job, raise, or other benefit because of the color of their skin, lifestyle choice, religious practice, disability or what have you, there’s a good chance a lawyer’s going to come looking for a paycheck – and rightly so.  These are negligent or unethical business practices that need to be addressed.
 
But until recently, no lawyer had successfully extracted a paycheck from a company because of negligence leading to a data breach… but as my recent blog post points out, I think 2010 is the year that dynamic will change.

Posted by Mike Spinney at 12:03 pm

