Privacy isn’t just a compliance thing. It’s actually about innovation

Nathan Kinch
Greater Than Experience Design
4 min readAug 10, 2020

Update on original post: So far the openness of our PIA has been applauded by many within the community. However, we also received some feedback about this post. Specifically, that it didn’t ‘describe’ how privacy could be more than a compliance agenda. These individuals didn’t want to watch the entire video to ‘get it’ (a justifiable perspective), which was really what we originally optimised for. They wanted something shorter and more focused on the title above (i.e. how is privacy more than a compliance thing?).

Going forward, we will be producing snippets of this type of desired content on our own channels. We’ll also be doing this on other channels with the support of others. These will be published progressively. The content you now see below is slightly evolved from its original form. Hopefully it’s a solid iteration based on the feedback we received…

Here’s the backdrop. Trust disproportionately impacts bottom line business outcomes. Yet trust is at an all time low. Ethics is 3x more important than competence when it comes to trust. Yet organisations under invest in ethics. Organisations are more reliant than ever before on customer data. Yet consumers are more concerned than ever about how their data is being used. This has resulted in a data trust gap.

There’s a growing body of evidence to suggest that thoughtful privacy and data protection practices are driver of ‘business value’. Whether you look to older reports like Operationalising Privacy by Design (2012) or Cisco’s recent work referenced in the image below, the rhetoric is pretty consistent. For every dollar spent investing in privacy and data protection initiatives, there seems to be a positive ROI (although, there are a lot of limitations with the data we have on this. the biggest issue tends to be that organisations aren’t exactly super open by design… More on that in another post). This ROI can be the result of positive PR (that results in positive brand/consumer sentiment, an increase in shareholder value etc.), better protection against downside risks like data breaches (which, evidently, costs a lot of money in cash, stock price, lost customers etc.) or a variety of other metrics (this will depend on the organisation in question).

Some will argue that the #privacyparadox is alive and well. We think this view is inaccurate, largely because it reflects a surface level understanding of the broader sociopolitical context. We’re much more aligned to the University of Pennsylvania’s perspective on The Tradeoff Fallacy (2015), or the more recent work from two thirds of that publishing team on Digital Resignation.

https://blogs.cisco.com/security/gdpr-one-year-on-what-have-we-learned

Yet so often, whether within an early stage startup or significantly larger organisation, privacy remains an afterthought. Privacy and Data Protection are too rarely ‘by design’.

If you know us, you know we think about this a lot. It’s important to us. It’s directly related to the unique services we’ve been delivering to market through Greater Than X.

So, as part of the new platform we’re launching, we’re keen to demonstrate that data ethics, privacy, and data protection are embedded in how we think and act on a daily basis.

One piece of this complex, nuanced and never finished puzzle is our upfront Privacy Impact Assessment. We commissioned Nicole and the team at GroundUp Consulting to lead this for us.

The video below is an almost two hour recording of Nicole presenting the draft PIA to Mat and I (this was the first time we saw it in this state). In this session we:

  1. Discuss the recommendations
  2. Debate different interpretations and actions
  3. Visibly share detailed outputs, like our Data Protection Notice and Relationship Agreement
  4. Share insights about the tools (i.e our Better Disclosure Canvas) we used and process we executed to complete our detailed personal data map, design platform components that enable data minimisation and explicitly design choice architectures that optimise for different metrics and outcomes (i.e. optimising for informed understanding rather than encouraging people to actively bypass agreements as part of the sign up process), and
  5. Discuss some of the roadmap items we’ve documented to keep us focused on privacy and data protection as long term enablers of innovation

I realise this is long. I’d suggest watching it at 1.75 speed. For those of you who do commit, I trust it’ll be useful. For those of you unwilling (I totally get it), we’ll be producing snippets of content about this over the coming months. so keep a watchful eye.

As always, hit me up with comments, questions and queries.

--

--

Greater Than Experience Design
Greater Than Experience Design

Published in Greater Than Experience Design

Insights on the intersection of data ethics, privacy and design from the team at greaterthanexperience.design

Nathan Kinch
Nathan Kinch

Written by Nathan Kinch

A confluence of Happy Gilmore, Conor McGregor and the Dalai Lama.

Responses (1)