Privacy Insights by Stewart Room

Sharing Stewart Room’s Privacy insights with his authorisation. Stewart Room is Partner at PwC UK.

Top reasons to cherish concepts of privacy:

👤 Discovery and development: we need a private place to develop and grow, to experiment and to find out who we are.

👤 Happiness: our relationships with one another require a private place to kindle, to sustain, for love.

👤 Sanctuary: a private place is a refuge from persecution, intolerance, abuse and harm.

👤 Disagreement, dissent: sometimes people need to resist or fight back against dictators, demagogues and dystopian potentials, for which privacy is essential.

👤 Trust in tech: amazing tech innovations have the capacity to change the world for the good, but not without privacy trust and confidence.

👤 Consumer protection: personal data fuels business and public services, but its our data, not theirs, so privacy rules protect us from abusive practices.

👤 Reputation: respecting privacy enhances reputations, from policing, to the workplace, to online activities and everything in between.

👤 Business purpose: creating and sustaining economic value for the long term can’t be divorced from the need to respect privacy.

👤 Our values: privacy is a fundamental right in a democratic society, upon which everything stands or falls, so it’s a differentiator between what we value and what we would dread to become.

Top reasons why Data_Protection programmes fail to deliver:

😔 Purpose: if an organisation doesn’t understand why a good approach to DP is integral to its purpose, how can we expect good outcomes?

😔 Tone from the top: leadership is everything, but if the Board won’t lead on DP, what’s there to follow?

😔 Skills: DP needs a multi-disciplinary team to deliver, so if key skills are lacking, problems will embed.

😔 Silos: silos mean behavioural, virtual and physical barriers standing in the way of DP success.

😔 Vision: yes, DP is a legal topic, but in the real world it needs more than a legalistic vision.

😔 Narrow and shallow transformation: DP needs to be delivered in all layers of the organisation, covering paper, people, tech and data, so change needs to be broad and deep.

😔 Technology Reference Architecture: a comprehensive approach needs a TRA, so if you haven’t got one, don’t be surprised by DP failure.

😔 Special Characteristics: buying off the peg is ok at times, but DP needs ‘made to measure’ solutions, knowing the factors that make your organisation unique.

😔 Adverse Scrutiny: DP needs to survive adversity, so ignoring your risks is a recipe for disaster.

😔 People: the main concern of DP is people and if you forget that, you’ve got nothing.

Top things that make #privacy professionals sigh:

🤦‍♂️ New oil: sorry, personal data isn’t oil, or some other kind of commodity that can be owned then exploited and until you understand that, you just won’t understand anything about privacy, period.

🤦‍♀️ GDPR is done: GDPR has barely started, so get real and stick with the programme, because there’s a 50 year history here and its not going away. 🤦‍♂️ Privacy activists are a pain: if they are, then power to them, because they do a good job and we need them.

🤦‍♀️ X owns privacy: no, everyone owns privacy. 🤦‍♂️ Decades of experience: really, tell us about it.

🤦‍♀️ Security or privacy: a false dichotomy, a mantra for a surveillance society or police state. 🤦‍♂️ Security is privacy: nope, still wrong, keep trying.

🤦‍♀️ They’re jumping on the bandwagon: hey, this is a community and everyone is welcome, so lend them a hand. 🤦‍♂️ Consent is best: yes, consent is important, but it’s not the only route to lawfulness and certainly not the best or appropriate route in all circumstances.

🤦‍♀️ Leading privacy expert: it’s not yours to claim, but for others to think. 🤦‍♂️ Privacy stymies innovation and competitiveness: ok, prove it.

🤦‍♀️ We need fines: we don’t, we need a change of mindset.