Upload File

data strategy & privacy for b2smb companies · proactive strategy to understand the value of...

  • Home
  • Documents
  • Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their
21
Data Strategy & Privacy for B2SMB Companies A B2SMB Playbook: Best Practices for Winning, Keeping & Growing Small-Business Customers Playbook Contributed by

Upload: others

Post on 19-Jul-2020

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

DataStrategy&PrivacyforB2SMBCompaniesAB2SMBPlaybook:BestPracticesforWinning,Keeping&GrowingSmall-BusinessCustomers

PlaybookContributedby

Page 2: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 2

AboutB2SMBPlaybooks 3

PlaybookContributors 4

Abstract 5

Introduction 6

TheSituation 7

TheGlobalLegalities 8

TheB2SMBReality 9

PrivacybyDesign 11

TheDatasmartMethod 12

7StepstoEnsurePbD 18

AboutSourceMediaandWardPLLC 19

AbouttheB2SMBInstitute 20

Playbooks19 21

Page 3: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

B2SMBPlaybooksprovideactionablesolutionstosomeofthemostcommonissuesinB2SMBsales,marketingandoperations.We’veenlistedsomeofthebrightestmindsinSMB-focusedsolutionstosharetheirbesttactics.

WhoshouldusethisPlaybook?B2SMBpractitionersresponsibleformarketing,sales,productdevelopment,customerserviceordeliveryofsolutionstosmall-businesscustomers.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 3

Page 4: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

--ChristianWard,theChiefDataOfficerforSourceMedia,andJayWard,ManagingMemberofWardPLLC,alawfirmfocusedsolelyondataprivacyandstrategy,tookadeepdiveintodatasecurityinapresentationatthe2018B2SMBInstituteGlobalConferenceinChicago.

Thebrotherstalkedabouttheincreasingimportanceofcreatingaproactivestrategytounderstandthevalueofthedatacompaniescollect,exploititresponsibly,andkeepprivacyonlockdown.

TheirplaybookforprotectingdatashowshowB2SMBcompaniescanidentifyandunderstandthevalueoftheirdatainventory,developaframeworkfortheuseofthatdata,andbuildastrategyaroundittoensureconsumerprivacy.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 4

CHRISTIANWARDChiefDataOfficerSourceMedia

JAYWARDManagingMemberWardPLLC

Page 5: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

TheProblem:Companieshavelongoperatedwitha“dehumanized”approachtodata,usinganylawfullyobtainedinformationinwhateverwaytheylike.Butwithagrowingfocusondatasecurityaroundtheworldandincreasinglegalliability,B2SMBcompaniesneedtopro-activelythinkabouthowtheyhandleandusetheirclients’information.

TheProcess:UsingtheDatasmartMethod,B2SMBcompaniescantakeaninventorytounderstandandevaluatethedatathattheyareholding,andcreateaframeworkforleveragingit.Aspartofthisprocess,theycanputsystemsinplacetoensurethesafetyofdataassets.

TheResult:“PrivacybyDesign”isawaytosafeguardcustomerdataandprovideprotectionfromliability—butitcanalsoprovidetheopportunityforcompaniesthatemployittobe“BestinClass”fordataprivacy.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 5

Page 6: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

--Inthewakeofseveralyearsofhigh-publicitydatabreachesatmajortechcompanies,privacyisincreasinglyonthemindsofbusinessesandconsumers.Asaresult,everyaspectabouthowbusinessesview,storeandmanagedataisbeingreevaluated.

B2SMBcompaniesthatdonothavedirectcontactwithconsumersmaynotthinkofthemselvesasdealingwith“personal”data,perse,buttheycanstillfindthemselvesliableforbreaches,andneedtoprotectthemselvesfromliability.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 6

Page 7: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

CompaniesintheB2SMBspacehavebeentalkingforyearsabouttheirwealthofbigdata.“Wehavesomuchdatafromcustomers,frompartners,fromeveryone.Wejustdon’tknowhowtoleverageit…”isacommonrefrain.

Butwhenevercompaniesstarttoreallyleveragethatdatainmeaningfulways,theyinevitablybumpupagainstconsumerprivacyissues.

Mostcompaniesarestillstrugglingwithhowtobuild“privacybydesign”intotheirproducts—muchlessprofitfromit.

IntheU.S.,wehavelongoperatedwitha“dehumanized”approachtodata,believingthatanylegallyobtaineddatacanbeusedforanylawfulpurpose.Butthat’snotwheretheworld(includingtheU.S.)isheaded.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 7

Most c

ompanies !

are st

ill struggling

!

with h

ow to build!

“privacy

by design

into their

products —

much less pr

ofit !

from it. !

Page 8: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

WhilemanyofusknowaboutGDPR(whichhasimposednewprivacyrulesfortheE.U.),manymaynotbeawarethatothermajorcountriesaroundtheworldarealsoimposingtheirownlawsarounddataprivacy.Hereareafewexamples:1.   SouthKorea’sPersonalInformationProtectionActis,ifanything,

evenmorestrictthanGDPR.2.   Australia’sFederalPrivacyAct1988appliestoalllargerentities,

regardlessofsector.3.   Mexico’sFederalDataProtectionLawappliestoallentities,

regardlessofsizeorsector,andapplieslawfulpurpose,minimization,andtransparencyrequirements.

4.   CanadahasPIPEDA,whichisbecomingmorerobustwitheachyear,astheDataProtectionCommissionerexpandsitsremit.

5.   Japan’sActontheProtectionofPersonalInformationisaGDPRanalogue,somuchsothattheECandJapanhavereachedtheworld'slargestmutualadequacydecisionondatatransfer.

Meanwhile,othermajorcountriesareapplyingsimilarlaws,andintheU.S.,CalCPAwaslikelyjustthefirststeptowardincreasedprivacy.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 8

Page 9: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

Withthisglobaltrendondataprivacyincreasinglyclear,it’stimetoreexaminetwomajormythsintheworldofB2SMB:

1.   “MycompanyonlydealswithB2B”

ThefirstmythimpliesthatbecauseB2SMBcompaniesareonestepremovedfromtheendconsumer,they’renotreallydealingwith“personal”data.Butattheendoftheday,allofthedatawearedealingwithispersonal.Theclientisaperson,andtheclienthasclients,whoarepeople.

Meanwhile,SMBsarenotequippedtosolvetheirowndataprivacyissues,andmostwillassumethatB2SMBcompaniesaredealingwiththatforthem.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 9

Page 10: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

2.“Theycan’treallyenforcethis[privacy]stuff,right?”

Thesecondmythisalsospecious,becauseenforcementishappeningalready.Butevenwhereenforcementislax,publicrevelationsofdataprivacybreachescanhavesevereconsequences.

Companiesthatviolateprivacylawcanlookforwardtoanaverageof5%lossinmarketcap,regulatoryfinesfrom4%ofrevenuesto$1millionormorefromtheFTC,andadditionalstock/equitylosswhenapenaltyisannounced.

Lastbutnotleast,theseprivacybreachesoftenresultinexpensivelawsuits.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 10

Page 11: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

Theemergingconsensusisthatcompaniesneedtoincorporate“PrivacybyDesign”(PbD)intotheiroperations.PbDisanapproachandamethodtoeverythingyoudo.

MostB2SMBcompanies,atcore,areoperatingdatapartnershipplatforms—theseincludeemailmarketing,CRM,CDP,CMS,ERP,DMP,adtech,reviews,contentgeneration,social,accounting,anddocumentstorage.

Alloftheseofferingsareactuallydatapartnershipsbetweenthecompanyandthird-partysuppliers.Asaresult,companiesofferinganyofthesetypesofservicesneedtoemployaplaybookinordertoinstitutePbD.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 11

PbD is an app

roach

and a metho

d to

everything

you do.!

Page 12: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 12

PROTECTIDENTIFY VALUE

Conductameaningful

inventoryofintrinsicandextrinsicdata

Determinethevalueandriskof

eachofthedatasets

Developaframeworkfor

usingthedatatoleverageitsvalue

Ensurethesafetyofdataassetsandsafeguard

customerprivacy

STRUCTURE

TheDatasmartMethodisjustsuchaplaybook.Companiesuseittofirstconductameaningfulinventoryofintrinsicandextrinsicdata;determinethevalueandriskofeachofthedatasets;developaframeworkforusingthedatatoleverageitsvalue;andensurethesafetyofdataassetsandsafeguardcustomerprivacy.

Page 13: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

1.   IdentifyUsinga“commoncategoriesapproach,”firstsortthetypesofdatainyourinventory:

�  Intrinsicdataisdataproducedbyyourbusiness�  Extrinsicdataisdataproducedaboutoraroundyourbusiness� Mapthesystems,thenfocusonthedatasets

Thetreerapidlyexpandsandallowsyoutoidentifydatasetsandpotentialpersonaldata.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 13

Page 14: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 14

Page 15: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

2.   ValueItcanbeusefultothinkofvaluesinbuckets—sortingitbetween“barterorcommoditized”data,upthelineto“valuableornascent”data;“highlyvaluableorestablished”data;andthenfinally“uniqueorcriticaldata.”Themainideainthissortingistoprioritize:

�  Valuationisaboutpriorityandrisk�  Figureoutwhichdatasetsaremostimportant

�  Understandwhichhavethemostpotentialrisk(personaldata)

Onceyouhaveidentifiedandvaluedyourdataassets,compilethemintoadatabrieforadictionary.Thiswillbealivingdocumentforyoutoupdateandreferenceandwillsaveyourproduct,sales,andbusinessdevelopmentteamsaworldoftime.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 15

Page 16: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

3.   StructureOnceyouhavegraspedthenatureandvalueofyourdatasets,youcandevelopabusinessplan,datapartnership,orbusinessframeworkaroundthem.Thiskindofstructureisabouthowyourdataconnectsbothinternallyandwithdatapartnersinlegal,technical,andstrategicways.

UsethisopportunitytoIdentifywhichkindofbusinessplanordatapartnershipsmakesenseforyourcompany,ascertainwhatyourvaluepropositionis,andestablishthekeymetricsforprojectsuccess.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 16

Page 17: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

4.  ProtectThewholepointofPbDistoprotectdata(andyourself)ateverystageofthebusinesslife-cycle.Thisisanessentialpartofeachofthestepsinyourbusinessplan.Thisiswhereyousafeguardyourowndatasetsaswellastheprivacyandsecurityofconsumerinformation.Protectingyourdataassetsalsoprotectsthoseofyourclients.

Whydothis?GDPRandotherlegalregimesrequireit,customersdemandthatyouprotecttheirdata,andshareholdersexpectthatthecompanyisdoingthis(andwillsuetoenforcethatexpectation).

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 17

Protecting

your

data assets

also

protects th

ose

of your clie

nts.!

Page 18: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

SomestepsthatcanhelpensurePbDanddecreasedataliability:

1.  HiringadedicatedDataProtectionOfficer(DPO)

2.  Deployingadataauditteam

3.  Usingdataaccesscontrols

4.  Providingdetailedreporting

5.  Cybersecuritymeasures

6.  Legal/contractualprotections

7.  Useofdatascans,crawls,andseedstoalertyouifsomethingisamiss.

Allovertheworld,privacyregulationsaregrowing.Dataisconsideredbymany“thenewcurrency,”butthatalsocomeswithamassiveregulatoryfocusandnewchallenges.

PbDandtheDatasmartMethodcanhelpensurethatyourcompanysurvivesandthrivesinthenewprivacyparadigm.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 18

Page 19: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

SourceMedia,anObserverCapitalcompany,isaninnovative,growingdigitalbusinessinformationandperformancemediacompanyservingsenior-levelprofessionalsinthefinancial,technologyandhealthcaresectors.BrandsincludeAmericanBanker,PaymentsSource,TheBondBuyer,FinancialPlanning,AccountingToday,Mergers&Acquisitions,NationalMortgageNews,EmployeeBenefitNewsandHealthDataManagement.

WardPLLCoffersclientsexpertiseindatasecurity,informationmanagement,andprivacy,whileprovidinghighqualitylegalservices.LocatedinMiami,WardPLLCcombinesthescopeandexperienceofalargelawfirmwiththeenthusiasmandefficiencyofastartup.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 19

Page 20: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

TheB2SMBInstituteisthefirstprofessionalorganizationfocusedonadvancingexcellenceinthebusiness-to-small-businessecosystem.

B2SMBleaders,practitioners,brandsandenterprisesrelyontheInstituteforcriticalmarketintelligenceresources,peer-to-peernetworking,best-practiceguidanceandspecializedskillsdevelopment.

TheB2SMBInstitutechampionssmall-business-centricthinkingandpractice,withafocusonhowtoreach,engage,win,keepandgrowSMBcustomers.

Ourmember-drivenorganizationservesasadynamic,dailydestinationtofind,meetandnetworkwithB2SMBdecision-makerswhosharecommonneeds,challengesandgoals.

Visithttps://b2smbi.com/fordetailsonresources,benefitsandmembershipopportunities.

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 20

Page 21: Data Strategy & Privacy for B2SMB Companies · proactive strategy to understand the value of the data companies collect, exploit it responsibly, and keep privacy on lockdown. Their

Playbooks19istheB2SMBInstitute’snewestevent,featuringpeer-to-peerworkshopsonhowtosuccessfullywin,keepandgrowsmall-businesscustomers.

TheprogramwillfeatureleadersinB2SMBmarketing,sales,productdevelopment,customerservice,deliveryandmore,offeringB2SMBpractitionersacrashcourseindoingtheirjobsbetter.

LEARNMORE:https://b2smbi.com/playbooks19/

B2SMBPLAYBOOK:DataStrategy&PrivacyforB2SMBCompanies©2018B2SMBInstitute 21


© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA

The Economics of Privacy - Hellas...2010/06/28  · Companies that offer privacy enhancing technologies Companies that promise to keep their customers information protected and private

CYBERSECURITY AND PRIVACY NEW YORK MINIMUM … York Minimum Cyb… · NEW YORK MINIMUM CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES CYBERSECURITY AND PRIVACY • Risk

Let's talk about Privacy - Boots€¦ · across the companies that make up Boots, ... handle any complaints or queries, ... We will only deal with reputable companies that take privacy

Protecting Your Privacy in the Information Age Table of contents Concerned about your privacy in the information age? So are we..... 1 How can I protect my privacy? 2 Where do companies

Privacy in the Digital Economy final · An essay on the future of privacy By Gerald Santucci . ... In the future, ... Microsoft and many other ICT companies,

Trusted Cloud: Microsoft Azure Security, Privacy, and ... · Trusted Cloud: Microsoft Azure Security, Privacy, and Compliance | April, 2015 7 Maintain compliance. As companies and

© 2001 Andersen. All rights reserved. Andersen U.S. Privacy Study How 75 U.S. Companies Fare Against Emerging Privacy Standards July 2001

Pharmaceutical companies’ documented and online privacy ... · Volume3, Issue 2, 2015 69 information (Lanier & Saini, 2008; Rapp, Hill, Gaines, & Wilson, 2009; Xu, 2009). Companies

The Privacy Gap: Managing Website Privacy · Personalization, the very innovation that has lead to target marketing, can in fact, lead to privacy issues. Many companies offer consumers

Board oversight of privacy - Ernst & Young...2019/04/08  · Board oversight of privacy 2 • The response from companies (page 4) Achieving the right balance between providing adequate

Privacy Flag D 1.2 Privacy Flag initial architecture design · 2. Develop a global knowledge database of identified privacy risks, together with online services to support companies

Privacy, Security, and Ethics © 2013 The McGraw-Hill Companies, Inc. All rights reserved.Computing Essentials 2013

Privacy Training: Strengthening the Weak Link · 3 ©2004 MediaPro, Inc. “The weak link in many companies privacy ‘chain’ is the untrained employee. Awareness training is not

Privacy - Altran Franceinnovation-finance.altran.fr/files//Future_Company___Privacy___2012.… · As long as this ‘one-sided handshake’ continues, companies and organizations

Data protection and privacy - Allen & Overy...companies understand the restrictions they face on transferring data across borders. This creates a legal uncertainty which companies

B2SMB Playbook - Building a Killer SMB Sales Team · The Problem: Building successful B2SMB sales teams can be a puzzle — small businesses are tricky to acquire, and often require

9 99 CHAPTER Privacy and Security. 9 © The McGraw-Hill Companies, Inc. 2002 Objectives 1.Privacy 2.Security 3.Ergonomics 4.Environment

A. Additional Privacy Outcome 1: Adopting Privacy as ...norms they learn from their customers and communities. Companies must incorporate personal data processing collection, processing,

GLOBAL PRIVACY & CYBERSECURITY...GLOBAL PRIVACY & CYBERSECURITY READ MORE WHISTLEBLOWER PROTECTION NON-COMPETE PROVISIONS MATERIAL ADVERSE EFFECT CLAUSES DISTRESSED COMPANIES ISSUE

Canadian Compliance Essentials: What U.S. companies coming to Canada need to know about advertising, competition & privacy law

Consumer Attitudes Towards Data Privacy...Expectations for and importance in maintaining data privacy are highest for essential services (healthcare, banks, and insurance companies)

MARKEL INSURANCE COMPANY - PersonalUmbrella · markel insurance company privacy notice u. s. consumer privacy notice rev. 1/1/2020 facts what does markel group of companies referenced

January 2020: Survey of Fortune 500 Companies’ Privacy ... · notices of 10% of the Fortune 500 companies. The data shows that there is no one strategy for disclosing privacy practices

Protecting Student Privacy in a Networked World · 4. What are privacy requirements for private companies providing digital services to students? California’s SB 1177 (2014), described

DSF Digital Signage Privacy Standards 02/2011 · 2 capabilities.1 DSF recommends that companies provide privacy protections that correspond to the sensitivity of the information they

Recent Privacy and Data Protection Developments in Latin America and Their Impact on North American and European Multinational Companies - IAPP Global Privacy Summit (Washington, DC

Chapter Twenty-Seven DATA PRIVACY IN THE WORKPLACE 27...workplace. Additionally, multinational companies must consider not only U.S. laws, but also broader cross-border privacy laws

Workplace Privacy: State Legislation & Future Technology ......companies.15 In particular, workplace privacy questions implicate social media companies, which are largely caught in

California Consumer Privacy Act: now...comply with privacy, cybersecurity, Internet, and consumer protection laws. He also represents companies in litigation and government investigations

EY s data privacy service offering › Publication › vwLUAssets › ey-data... · challenges around data privacy. But companies that take a compliance-centric approach to data privacy

Privacy, Security, Confidentiality, and Legal Issuesmyresource.phoenix.edu/secure/resource/HCIS275CR1/Integrated... · Copyright © 2012 The McGraw-Hill Companies CHAPTER 7 PRIVACY,

Privacy and Security (additional readings) McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved

Dutch: Social Media & Privacy for companies

Targeted Advertising, Retargeting and Privacy: What Companies