More than compliance. Privacy is about innovation


Here’s the backdrop. Trust disproportionately impacts bottom line business outcomes. Yet trust is at an all time low. Ethics is 3x more important than competence when it comes to trust. Yet organisations under invest in ethics. Organisations are more reliant than ever before on customer data. Yet consumers are more concerned than ever about how their data is being used. This has resulted in a data trust gap (see Ipsos Mori’s work from 2014 on The Data Trust Deficit).

There’s a growing body of evidence to suggest that thoughtful privacy and data protection practices are driver of ‘business value’. Whether you look to older reports like Operationalising Privacy by Design (2012) or Cisco’s recent work (GDPR One Year On: What Have We Learned), the rhetoric is pretty consistent. For every dollar spent investing in privacy and data protection initiatives, there seems to be a positive ROI (although, there are a lot of limitations with the data we have on this. The biggest issue tends to be that organisations aren’t exactly super open by design… More on that in another post). This ROI can be the result of positive PR (that results in positive brand/consumer sentiment, an increase in shareholder value etc.), better protection against downside risks like data breaches (which, evidently, costs a lot of money in cash, stock price, lost customers etc.) or a variety of other metrics (this will depend on the organisation in question).

Some will argue that the #privacyparadox is alive and well. We think this view is inaccurate, largely because it reflects a surface level understanding of the broader sociopolitical context. We’re much more aligned to the University of Pennsylvania’s perspective on The Tradeoff Fallacy (2015), or the more recent work from two thirds of that publishing team on Digital Resignation.

Yet so often, whether within an early stage startup or significantly larger organisation, privacy remains an afterthought. Privacy and Data Protection are too rarely ‘by design’.

If you know us, you know we think about this a lot. It’s important to us. It’s directly related to the unique services we’ve been delivering to market through Greater Than X.

So, as part of designing Greater Than Learning, we’re keen to demonstrate that data ethics, privacy, and data protection are embedded in how we think and act on a daily basis.

One piece of this complex, nuanced and never finished puzzle is our upfront Privacy Impact Assessment. We commissioned Nicole and the team at GroundUp Consulting to lead this for us.

The video (hosted on YouTube.. Yes, we know…) is an almost two hour recording of Nicole presenting the draft PIA to Mat and I (this was the first time we saw it in this state). In this session we:

  1. Discuss the recommendations
  2. Debate different interpretations and actions
  3. Visibly share detailed outputs, like our Data Protection Notice and Relationship Agreement
  4. Share insights about the tools (i.e our Better Disclosure Canvas) we used and process we executed to complete our detailed personal data map, design platform components that enable data minimisation and explicitly design choice architectures that optimise for different metrics and outcomes (i.e. optimising for informed understanding rather than encouraging people to actively bypass agreements as part of the sign up process), and
  5. Discuss some of the roadmap items we’ve documented to keep us focused on privacy and data protection as long term enablers of innovation

I realise this is long. I’d suggest watching it at 1.75 speed. For those of you who do commit, I trust it’ll be useful. For those of you unwilling (I totally get it), we’ll be producing snippets of content about this over the coming months. So keep a watchful eye.

As always, hit me up with comments, questions and queries.