[BreachExchange] A CMO’s Data Privacy Primer: 6 Things to Know

Audrey McNeil audrey at riskbasedsecurity.com
Wed Nov 2 10:41:50 EDT 2016


http://sponsoredcontent.wsj.com/pwc/broader-perspectives/a-cmos-data-privacy-primer-6-things-to-know/

In this age of digitization and big data, CMOs are increasingly taking a
prominent role in digital transformation, running a function where talent,
technology, big data, and devices are fused as never before. With this
transformation come big opportunities and even bigger responsibility,
especially in the area of privacy.

Indeed, consumers show rising anxiety over online privacy and security. A
2015 consumer survey found that 42% of respondents are more worried about their
online privacy than ever, and 45% say that their online privacy is even more
important than national security. Of great concern is the impact on
business: 77% of consumers have moderated their online activity due to
privacy concerns.

In addition, as the gatekeeper of their organization’s brand and
reputation, a CMO must promote robust governance and awareness of digital
security and data privacy (particularly as the European Union’s General
Data Protection Regulation and EU-US Privacy Shield start to take effect).
This extends to understanding data governance, cybersecurity technology,
compliance, and the legal issues.

Meeting this broad challenge calls for an expansion of the CMO skillset.
Often marketing is separated from legal, compliance, data privacy, and
security, with each function operating out of its own silo. Rather, CMOs
must integrate all of these issues into the marketing function’s activities
and strategies. This requires a multidisciplinary approach in which the CMO
collaborates with those areas in implementing data governance and controls
over marketing initiatives before they start. Defining privacy and security
requirements early on and baking them into a marketing initiative can help
avoid misuse of information and, importantly, increase trust and reduce
anxiety over data use.

So, here are six recommendations for the CMO — essentially, a
multidisciplinary privacy primer:

– Join the cybersecurity steering committee

Hardly a day goes by without news of the latest data breach. Such incidents
can be devastating to companies’ reputations and their brands. But these
are just the publicly reported breaches. Those that are not disclosed may
in fact pose greater threats and cost to an organization, as they may
involve proprietary market information, intellectual property, trade
secrets, and research. The CMO can show commitment to digital security by
joining a company’s cybersecurity and privacy steering committee to
coordinate with the CTO, Chief Information Security Officer (CISO), Chief
Privacy Officer (CPO), general counsel and Chief Compliance Officer (CCO)
on these issues. If there’s no steering committee yet, the CMO should
recommend creating one.

– Promote collaboration among marketing and the CIO, CISO and IT

In a multiplatform, interconnected world, old boundaries between marketing
and technology are swiftly disappearing — think customer data archiving and
management and “one-click” purchasing. To seize the opportunities offered
by these new technologies while safeguarding privacy, marketers must speak
the language of technology and understand how it can be applied — and how
it may affect customer interaction and behavior in this age of
digitization. Any output from this CMO/technology collaboration should be
embedded in a marketing plan to ensure that privacy and security measures
are reflected there. Folding this into the plan and taking it public can
also demonstrate to customers that the organization prioritizes privacy and
security.

– Appoint a privacy and security leader in the marketing organization

For the same reason that marketing must collaborate with the CIO, CISO and
IT, appoint a trusted lieutenant to oversee day-to-day interaction between
marketing and IT. This will allow the CMO to help drive the organization’s
overall digital transformation while ensuring constant privacy interaction
between marketing and IT. This privacy and security leader can also help IT
design systems that have the agility and speed that today’s marketing
functions need to keep up with digital customers.

– Understand the threat landscape

Knowledge of the threat landscape is the first step towards preventing a
data privacy breach. What does this mean? First, engage with your CTO and
CIO regularly. Meet regularly to define data-use requirements, identify any
shortcomings in current systems and processes, and discuss trends in the
threat landscape, such as hacktivists targeting a particular market and
sector. Develop threat scenarios that identify potential threats and the
steps that need to be taken to mitigate those threats.

– Create a data governance framework

Consider establishing a governance framework that defines how data is
collected, stored, secured, and used. The framework would include processes
for setting compliance policies and processes, and monitoring compliance
performance—not just by marketing, but also third-party vendors. Privacy of
personally identifiable information needs to be baked into all marketing
activities, particularly those that aggregate data from disparate sources,
which can open up new privacy concerns.

– Engage with legal and compliance

Too often companies overly focus on external threats and lose sight of the
internal threats to data privacy and breaches. It is critical for the CMO
to work closely with legal and compliance to safeguard internal processes
and to make certain that proper risk controls and protections are in place,
particularly as regulations such as the GDPR take hold. Compliance must be
at the heart of all marketing initiatives.

Addressing the threat landscape with this robust multidisciplinary approach
can cut across functions and bring a greater understanding of the
opportunities, challenges, and risks that digitization across multiple
platforms and devices makes possible.