Privacy Culture

Data is the new oil. Data is the new currency.  Data is the new gold. Data is the biggest asset your organization has. In this digital economy, data is King.  If I had R50 for every time I have heard that, I would be sitting in Bali right now.  So if data is the commodity of the century, how do we balance it with Privacy? And What is a privacy mind-set?

Let’s make it real… let’s make it personal and start with you… You, Anne, or Sally, or John… in your personal capacity.  Do you really care about privacy? How does it impact you?  The truth is, we only care about privacy when it is gone.  And there are different levels of caring. If you want to download an app on your phone, have you noticed that they want your contacts, photos, phonecalls, and who knows what else?  How can that possibly be related to that app you are downloading?  But if you say no, you simply can’t have the app.

If your cell phone provider hands over our name, telephone number and address to a flower shop, so they can send us flowers on our birthday… That’s ok right?  Even though they shared our personal information? (perhaps even without our consent).  That is ok because we were not adversely effected by the information sharing.

If that flower shop adds us to his mailing list telling you about the specials he runs monthly, that may be a little irritating, and certainly not aligned to the reason for the cell phone provider collecting our information. But times are tough, so the flower shop guy thinks he should maybe send out weekly specials, or even daily!  That would put him front and centre with his clients. How much are we caring now? The flower shop owner sells life insurance in his quiet times to bolster his income, and now we are receiving telephone calls for life insurance.  The caring-meter is shooting upward, right? Do you see?  Same sharing, of same information.  But because of the application of that information, and the impact it has on us, we care.

We all have secrets. Some secrets are only known to those very close to us.  Some are known to absolutely no one! And with the world we live in today, those secrets are locked away online.  In our favorite shopping site, in a pay-per-view site, or in our password protection app (which has every password to every online portal you have ever accessed), maybe that folder where all your very personal pics are stashed away.  How would we feel when THAT information is leaked or shared?  Is there stuff out there you don’t want others to know? Information you would rather keep private? Now… Now you are getting the privacy mindset!

Imagine a world where you are not inundated with unsolicited direct marketing constantly.  A world where you know who has your personal information, and what they are doing with it.  Do you, sitting here right now, know in how many companies, servers, files, and even countries, your personal information is held?  Do you think the companies you deal with has your latest info?  Do you think they even know what info they have about you?

Any personnel agents here?  Human Resource specialists?

We were contacted by a personnel consultancy to do an assessment on their POPI readiness. They sounded amazing over the phone, and I couldn’t wait to meet with them.  It is a small company, operational for about five years, and doing quite well. They service some major clients and have a couple of thousand candidates on their books that they source from portals like PNet.

And guess what?

Every single one of those CV’s, their associated documents, copy ID’s etc… were piled up against the walls in their offices.  Your CV could be amongst those!

But let’s put the shoe on the other foot.  As an organization… as a cog in your organizational machine… Are you on top of your customer’s personal information? And your staff? And your suppliers? Your contractors/freelancers? Do you have piles of data lying around just ‘in case’ you may need it? Or maybe because it is easier to file away than to destroy?

The very first thing we need to do when embarking on our POPI implementation, is to change our mindset as an organisation.  We need to adopt a culture of privacy… An Modus Operandi of respect… An innate understanding of the mutual privilege of having our privacy respected, and respecting the privacy of others.

This is the most difficult part of the implementation… and in my opinion, the most important!  People tend to see POPI just as another Act to be complied with, rather than an opportunity to completely change our organisation’s mindset.  This takes time… it is ongoing… it starts before implementation, continues throughout the implementation and must live far beyond the effective date.