Wearing clothes, locking your home, sealing an envelope, creating passwords, and so many of our daily activities have one major thing in common: They’re all done to preserve our expectation of privacy.

Although the term “privacy” wasn’t included in the U.S. Constitution until 1961, the concept of “being left alone” as a right was cultivated at the inception of America. The First, Fourth, and Fifth Amendment set an initial standard by providing freedom of conscience, the right to be secure in one’s person, and the right to refuse self-incrimination.

The introduction of the internet and instant global communication drastically changed our approach to personal privacy. Every app, purchase, or online search request has us sharing so much of ourselves to get started. A name, email, phone number, or address is all someone needs to unravel one’s entire personal life.

With so much of ourselves being disclosed on the internet, we’ve started to experience the consequences of sloppy data handling and nefarious parties. The finger is usually pointed at the usual suspects like hackers, phishing, poor passwords, and data breaches. Yet, we need to acknowledge the role businesses play to begin to understand how we can build better processes with privacy at their core and reassign control of data to the place it belongs: with individuals.

EXPECTATION VS. REALITY

Any time that someone provides their credentials, personal information, passwords, and other details online, they do so with the expectation that the data will remain private.

Unfortunately, that is rarely the case.

Once an online company has your information, it can aggregate data into a larger marketing database, and from there, it is knowingly or unknowingly sold to online brokers who use your information to turn a profit. When your information is on the internet, anyone can purchase it and use it for marketing, robocalls, spam messages, or even criminal activities.

All of this has worked to nullify personal control over our data and, ultimately, our identity.

But what if our online data was treated with the same reverence and respect as a piece of mail or a locked house?

Going into someone’s home to browse their possessions in an attempt to personalize their future sales experience would end in an arrest. Why is your personal information online any different?

We’re beginning to see more organizations make changes to protect personal privacy in response to new laws or a new awareness of their role in keeping data safe. However, we have a long way to go before businesses globally are upholding the fundamental right to privacy for every consumer.

LEADERS’ ROLE PRESERVING CONSUMER PRIVACY

While many companies are unsure where to begin their transition to consumer-first privacy practices, conducting a privacy audit can help identify weak points and provide a general roadmap for change. Here’s how to begin.

Understand your data responsibilities. Conducting a privacy audit begins with understanding the data responsibilities of the industry in which your company operates. The medical industry will have a different legal approach than an e-commerce company. For more information on privacy regulations regarding industry specific information, you can check out the FTC’s guidelines. As a rule of thumb, every business owner should treat data protection equally and seriously.

Examine what data you really need. Once data privacy expectations are set, companies need to take an honest look at the types of data being collected. It’s important to begin to understand the reasoning behind data collection, permissions involved in data collection, and the way that data is stored. Ask questions like:

• Do we need to collect all of these data points?
• Can we limit the data to improve the consumer experience or protect them better?
• Can we infer better insights with more accurate data as opposed to wider data?
• Are consumers consensually giving us permission to collect all of this data?

Data can then be divided by levels of sensitivity. Legally, financial and medical data may be treated differently than a person’s first name, although I believe the best approach is to treat all personal data with the same level of care.

Find the right security resource. For companies that do not have an extensive IT or internet security department, outsourcing this task to a well-vetted contractor can be a quick fix. Make sure these contractors understand the company’s stance on privacy and desire to pivot to a consumer-first privacy model.

Alternatively, with the increasing importance of data protection, you may want to consider building your own in-house team. This can be a good idea for companies of all sizes to make consumer data protection their priority.

Make it consensual. Embracing consumer privacy completely means embracing consensual data collection in the form of opt-ins and communicative transparency, letting the consumer know what’s being collected and for what purpose. Doing so can be as easy as a quick pop-up, a detailed page on your site or creating email communication. Make sure that all of the information is easy to digest for your consumer base, staying away from heavy legalese.

Schedule ongoing audits. Keep in mind that a privacy audit is not a one-off activity. New audits should be scheduled and completed regularly to ensure ongoing compliance and holding the organization to the highest standards consistently. For some companies this may be an annual process; for others, it could occur quarterly or even more frequently.

Push back on push back. Getting buy-in to invest in privacy is not always easy. Yet research shows that for every dollar companies spend on privacy, they see a $2.70 return. Plus, investing in strong privacy practices increases retention, brand loyalty, and a higher likelihood of conversion. Customers today want to be considered more than a number, and committing to privacy is one way a business can deliver.

It is important to stop thinking that you need every piece of data on an individual to grow your business. As business owners, we actually get smarter by focusing data on usage and not on building user profiles. The customer experience becomes better, too, reaching the consumer as they are today and not what they were yesterday.

To fully affect change, we must first take ownership of identifying the problem within our own organizations while also ending relationships with companies that are not aligned with our same values. We must seek out opportunities to work smarter and towards something bigger that puts consumer privacy and an improved experience first.

The only way to successfully build something that lasts is to acknowledge every person’s ownership over who they are and how others perceive them. This starts and ends with putting individuals in control of their personal data.