Earlier this month the Information Commissioner’s Office issued a report on The Privacy Dividend which attempts to put a value on personal information and to assess the benefits of protecting privacy. The report uses four dimensions of value
- value as an asset to the organisation/data controller
- value to the individual/data subject
- value to other parties who might want to use it (legitimately or illegally)
- societal value as interpreted by regulators and other groups.
There’s an interesting chart on p.27 attempting to show “value as an asset to the organisation” drawn from reports of some of the recent stories on data breaches – usefully underpinned in Appendix A with the sources of data.
The second part of the report attempts to provide tools for business managers to make a business case for proactive privacy protection within the organisation. It includes some calculation sheets – which would have been better provided as a spreadsheet tool. A bit like the ICO’s earlier Privacy Impact Assessment toolkit, there is some potentially useful stuff here but it hasn’t been presented in a particularly user-friendly way.
Selling information governance is a bit like selling information/records management – the risks/sticks approach will only get you so far. I’m sure some of the wider issues around the “measuring the value of records management” work that JISC Infonet have been doing recently will also come into play here – see my earlier blog post as a jumping off point.
I’d love there to be some carrots stories in this area as well though. Last week I picked up a link via twitter to a piece in Harvard Business Review on Zappos’ approach to staff retention and customer service – well worth a read even if you’re not fanatical about footwear. Perhaps the nearest thing we have to a company whose against-the-grain approach to data protection (among many other things!) keeps their fanatical customers even more loyal: Lakeland Limited.
We never sell or give any personal information we have about you to any other company. You can rest assured that your credit/debit card and personal information are safe with us.
In the current political climate I don’t see any public sector organisations being able to say that any time soon. Producing decent “fair processing notices” – which describe what we will do with your data as a matter of course – is an area that all organisations could do with improving on as a very basic first step.
It’s always hard to illustrate blog posts on this kind of thing – so here’s a picture of some carrots stored in a Lakeland zip-seal freezer bag. I particularly liked that WordPress was “crunching” whilst the image was uploading…