London - Paris

Privacy Insights by Stewart Room

Privacy Insights by Stewart Room

Sharing Stewart Room’s Privacy insights with his authorisation. Stewart Room is Partner at PwC UK.

Top reasons to cherish concepts of privacy:

? Discovery and development: we need a private place to develop and grow, to experiment and to find out who we are.

? Happiness: our relationships with one another require a private place to kindle, to sustain, for love.

? Sanctuary: a private place is a refuge from persecution, intolerance, abuse and harm.

? Disagreement, dissent: sometimes people need to resist or fight back against dictators, demagogues and dystopian potentials, for which privacy is essential.

? Trust in tech: amazing tech innovations have the capacity to change the world for the good, but not without privacy trust and confidence.

? Consumer protection: personal data fuels business and public services, but its our data, not theirs, so privacy rules protect us from abusive practices.

? Reputation: respecting privacy enhances reputations, from policing, to the workplace, to online activities and everything in between.

? Business purpose: creating and sustaining economic value for the long term can’t be divorced from the need to respect privacy.

? Our values: privacy is a fundamental right in a democratic society, upon which everything stands or falls, so it’s a differentiator between what we value and what we would dread to become.

Top reasons why Data_Protection programmes fail to deliver:

? Purpose: if an organisation doesn’t understand why a good approach to DP is integral to its purpose, how can we expect good outcomes?

? Tone from the top: leadership is everything, but if the Board won’t lead on DP, what’s there to follow?

? Skills: DP needs a multi-disciplinary team to deliver, so if key skills are lacking, problems will embed.

? Silos: silos mean behavioural, virtual and physical barriers standing in the way of DP success.

? Vision: yes, DP is a legal topic, but in the real world it needs more than a legalistic vision.

? Narrow and shallow transformation: DP needs to be delivered in all layers of the organisation, covering paper, people, tech and data, so change needs to be broad and deep.

? Technology Reference Architecture: a comprehensive approach needs a TRA, so if you haven’t got one, don’t be surprised by DP failure.

? Special Characteristics: buying off the peg is ok at times, but DP needs ‘made to measure’ solutions, knowing the factors that make your organisation unique.

? Adverse Scrutiny: DP needs to survive adversity, so ignoring your risks is a recipe for disaster.

? People: the main concern of DP is people and if you forget that, you’ve got nothing.

Top things that make #privacy professionals sigh:

?‍♂️ New oil: sorry, personal data isn’t oil, or some other kind of commodity that can be owned then exploited and until you understand that, you just won’t understand anything about privacy, period.

?‍♀️ GDPR is done: GDPR has barely started, so get real and stick with the programme, because there’s a 50 year history here and its not going away. ?‍♂️ Privacy activists are a pain: if they are, then power to them, because they do a good job and we need them.

?‍♀️ X owns privacy: no, everyone owns privacy. ?‍♂️ Decades of experience: really, tell us about it.

?‍♀️ Security or privacy: a false dichotomy, a mantra for a surveillance society or police state. ?‍♂️ Security is privacy: nope, still wrong, keep trying.

?‍♀️ They’re jumping on the bandwagon: hey, this is a community and everyone is welcome, so lend them a hand. ?‍♂️ Consent is best: yes, consent is important, but it’s not the only route to lawfulness and certainly not the best or appropriate route in all circumstances.

?‍♀️ Leading privacy expert: it’s not yours to claim, but for others to think. ?‍♂️ Privacy stymies innovation and competitiveness: ok, prove it.

?‍♀️ We need fines: we don’t, we need a change of mindset.