Insights

White Papers

Privacy by Code

By: Chris Nichols, Director Information Management Practice and colleagues

Regulatory scrutiny and the ongoing transformation of the role of data in business and institutions have led to new programs to meet the data privacy needs of customers and employees.  The drivers and responses forming these programs vary broadly across industries and individual companies.  This series is designed to highlight the challenges and unique solutions created by several client companies of Unify Consulting.

“Internet Inc.”, Client Company One: Meeting data privacy regulatory demands through coding

This company, we’ll call Internet Inc., belongs to the large category of internet-driven social media and gaming companies.  While each company is different, disrupting  industries from gaming to transportation to communications, there are characteristics they share in common which create challenges and capabilities in meeting data privacy requirements for their customers.  Their core strength comes from capabilities in application design and engineering. They like to address as many challenges as possible by coding solutions.  With this strength comes some cultural characteristics:

  • Rapid growth by acquisition leads to splintering of operations, culture and data
  • Strong belief in its own coding capabilities held by each acquired company can also lead to distrust of any program that is operated at the enterprise level led by corporate headquarters (called in some of these companies “The Center”)
  • Strong distaste for anyone trying to tell them what to do and how to do it!

 

Like a number of companies in this new industry, Internet Inc. had recently been audited by U.S. agencies finding the company had an:

  • Inability to prove there was a codified process to receive and comply with customers wishing to be removed from their databases
  • Inability to track and report on the number of instances of customer complaints regarding the management of their personal data

 

With the help of Unify Consulting, Internet Inc. moved quickly to address these issues.  Internet Inc. was determined to build rather than buy software solutions to meet program goals.

Unify Consulting was brought in to help with several program areas.

  • Operational rigor for standing up and bringing operational one of the largest known programs in data privacy by providing top-tier project/program management for hundreds of newly hired employees
  • Formalized, documented and created technology to justify and report on progress to government regulators; creating and documenting and measuring processes
  • Monitored and reported on program KPIs and Controls called “safeguards”, implementing some 400 dashboards and dozens of reports for internal and external tracking of program growth in capabilities. Program has been underway for over a year and still growing.

 

Together we created a program with improved capabilities at each step of program creation:

Step 1: Deciding what to measure and setting of Goals.  Internet Inc. program leaders decided to incorporate tracking of any customer request for change in their profile and use of their data, including request for deletion.  They created improved user capabilities to both enhance customer experience but also trigger actions and monitoring for reporting purposes

Step 2: Improving information change processes with improved tracking.  Each change process now had milestone steps that triggered the ability to track progress, determine process blockages which led to improvements in speed and execution

Step 3:  Setting up dashboards and reports, establishing Service Level Agreements.  Each action request could now be tracked, and once trends were established, new goals and finally Service Level Agreements could be set and improved over time.

The Result and What’s Next:

Internet Inc. has made progress in its goals to better meet client data privacy needs.  Internal resistance to these programs has been considerable, and there will always be a tension between the desire to keep the pace of growth accelerating and the desire to better manage customer data.  Some who initially resisted are beginning to look at these new capabilities as the company investing to improve customer experience, which of course can support growth as well.