I discuss how privacy is a competitive edge for business in the next section from my article, “How to Use Privacy as a Business Differentiator” within my September issue of IT Compliance in Realtime Journal.
Download the PDF for a much nicer looking version…
___________________________________________________
Privacy as a Competitive Edge
Organizations in more industries are increasingly emphasizing within their commercials the ways in which their services or products are more secure than their competitors. It started primarily within the technology sector, but financial organizations have also used privacy as a marketing differentiator, as are some telecommunications organizations.
Organizations also are increasingly promoting security to overcome reputation damage caused by security breaches and data losses. In doing so, these companies are discovering that information security can be a competitive differentiator. Take Wells Fargo, for example. Because of their quick and effective response to a privacy breach they had in 2003, they set the bar high for how all other organizations need to respond to privacy breaches. This was back at a time just before California enacted the very first privacy breach notice law. So, without legally being required, Wells Fargo not only wrote notification letters to the individuals affected by the theft of a laptop computer but also called each one individually as well as provided them with 2 years of credit monitoring services. As a result, they had virtually no lost customers or negative press from the incident.
It is becoming clear that any organization that does not address privacy as a foundational business issue will find itself at a disadvantage. They will likely find their customers jumping ship to go to an organization that provides similar products and services but that demonstrates privacy practices and information security due diligence.
Any type of company that handles PII can use privacy, and the security that exists to safeguard PII, as a business differentiator if they truly do have safeguards in place to effectively protect PII. Consider this: having superlative security practices in place was the key factor for MassMutual Financial Group closing a $25 million 401(k) plan deal in 2007.
Organizations should not view privacy as a burden imposed upon them by the government with new and emerging laws and regulations. Instead, organizations should view privacy as a business opportunity to provide their customers with exceptional safeguards for their PII in ways that their competitors are not currently providing.
___________________________________________________
Tags: awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training