The Seven Deadly Sins of Data Privacy

We tend to think that faulty technology is the root cause of identity theft, data breach, or cyber crime. But it's not.

We are.

Too often, we use technology as a scapegoat, providing a convenient excuse for us to sit apathetically in our executive offices, unwilling to turn our gaze to the enormous profit-sucking sound that is mass data theft. Like a flooded river, poor privacy leadership flows inexorably downhill from the CEO, until it finally undermines the very banks intended to contain it.

Corporate boardrooms across America care about the loss of people's personal data about as much as Ford cared about recalling the Pinto when that model began exploding on rear impact. It was cheaper to fight the lawsuits filed by the surviving relatives than to re-engineer the gas tank. In the same way, we delude ourselves that it's cheaper to take a tax write-off on data-loss line items than to stem the flow of sensitive information out of the corporation.

Business owners continue to fail to see the connection between data breach and larger profit hits: liability lawsuits, brand damage, customer flight, stock depreciation, loss of trust in the company, and bad press. Just ask TJX, a company that has spent an estimated $500 million recovering from their data breach -- a breach that could have been prevented at a fraction of the cost of the data recovery.

In stark terms, poor leadership (not technology) is the primary factor leading to data breach. We say that information is our most valuable asset, but we refuse to invest in a privacy strategy to protect that asset.

The Seven Deadly Sins

A majority of corporations experiencing data breach and workplace identity theft share similar weaknesses in their overall privacy policy. You have an opportunity to learn from their mistakes before they become yours. Begin by asking yourself whether you (as a leader) or your organization suffers from any of the seven sins:

1. Apathy -- A disturbing lack of care for and attention to a crime you incorrectly believe will never seriously impact your bottom line. If you have never had a corporate-wide privacy education initiative, you are a prime example of this weakness.
2. Ignorance -- Many leaders refuse to admit that they don't know what they don’t know. For example, do you know the value, location, and confidentiality of your sensitive data? Do you know how it is protected, how long it is maintained, and why you keep it in the first place?
3. Arrogance -- Some executives see themselves as champions of data privacy because they have a strong IT department, but fail to see that privacy doesn’t exist in a silo. Does your organization tend to believe that data privacy is the realm of the IT department? If so, you are overlooking other critical functions (human resources, sales, intellectual property, legal compliance) that are touched by privacy concerns on a daily basis.
4. Greed -- The external profit pressures are so strong on most corporations that leadership can't see the forest for the trees. What percentage of your profits goes toward protecting your information assets? If you don't know, you are at risk.
5. Hypocrisy -- Many CEOs are the first to violate the very privacy policies that they champion. Have you ever surfed unprotected at the airport? Do you shred every piece of sensitive data that goes in your trash? What passwords are stored in your BlackBerry?
6. Paralysis -- Some companies and executives have difficulty breaking old habits and, as a result, choose to perpetuate high-risk data practices. Do you collect certain private information simply because you always have? Have you ever re-evaluated your hiring policies to take corporate espionage, workplace identity theft, and insider fraud into account?
7. Procrastination -- Even executives who care about, educate themselves on, admit to, have the budget to invest in, and personally practice data safety never get around to doing something about it at the corporate level. When you are finished with this article, how will your behavior change? Will you get to it later?

This is not an easy issue to face, but running an organization isn't an easy task. Leaders who guide their corporations in developing a privacy strategy that avoids these security sins will achieve a long-term competitive advantage in the marketplace. And in the marketplace of ideas, in the oft-proclaimed information economy, what better asset to protect than our private information?