Written by Vanessa Santilli for Smith Business Insight on July 12

Given how organizations harvest data from our online activities like there’s no tomorrow, you would think that privacy concerns are a thing of the past. That’s not the case: how personal information is handled remains a contentious area that is far from resolved.

As an industry insider, Mitchell Merowitz says there’s a way that this tension point can be eased, but only if organizations accept and address the bigger picture.

“People are talking about privacy and data but, at the same time, they either don’t understand it or are not taking accountability for it,” says Merowitz, vice-president of corporate affairs at LoyaltyOne, a firm that designs and implements coalition loyalty programs, customer analytics, and loyalty services for global clients.

Merowitz knows about privacy. In addition to being responsible for corporate reputation and regulatory and legislative affairs, he spends a good deal of time on global privacy practices, overseeing the company’s database governance and international consumer privacy and data protection policies.

Cultural Transformation

As far as Merowitz is concerned, organizations need to transform the way they think about privacy and data. “The way we do that is by focusing on culture,” he told attendees at a culture of analytics conference organized by the Scotiabank Centre for Customer Analytics at Smith School of Business.

One of the first ways to bring about this change is by altering the domain in which data resides. “Today, privacy or data is in the hands of a privacy office, an IT office, a legal office, a risk management office, or a compliance office,” he says. “But we as privacy stakeholders made a mistake by allowing this to happen.”

Privacy is not only a business imperative, Merowitz says, but a social imperative as well. He says data leadership should be vested in C-Suite executives who are directly accountable to internal and external stakeholders. His rationale is simple: this governance model would better resonate with individuals and marketplaces, and essentially re-frame data privacy in aspirational terms rather than a matter of compliance or risk.

“If we transitioned from a protective and defensive environment and we talked about data and privacy in such a way as to further individual interests, societal goals, and objectives, we’ll take individual accountability and interest in data to the next level. We need to think proactively and positively.” Merowitz outlines three additional principles that should be at the core of a new and sustainable approach to customer data privacy.

Ownership

Discussing the concept of ownership tends to upset businesspeople, says Merowitz, but it is a critical topic for the good of our collective future. Around the world, consumers are pushing back and affirming that they own their data. “(They’re saying) I may have given an organization consent to use it, but the data is mine. It’s about time that organizations around the globe recognize this.”

Consent

In some markets, negative option still remains a preferred approach. This raises the issue: Should companies ask for permission to use data or does the act of posting or sharing data suggest consent?

“Whether it’s implied or expressed is a secondary focus here,” says Merowitz. “What matters is if you have somebody’s permission to use the data.”

Merowitz recalled delivering a speech to a group of chief privacy officers, during which he asked how many of their organizations had expressed consent for the data they regularly use. The answer was only 50 percent.

“In some markets, asking for consent can instill fear in the minds of business groups. It wasn’t that long ago in the Canadian marketplace that expressly asking for permission was taboo.”

Although individuals may be comfortable sharing their data with a company, this does not equate to the company having the right to use the information in any way its managers sees fit. At all times, they should use the data in the agreed upon manner. If they want to use it for a different purpose, the onus is on them to clear it with whomever owns the data.

Value Exchange

Individuals want to know, what’s in it for me? If they get something in return, people would more likely be willing to provide data. Merowitz cites a study about payment systems in which 50 percent of Canadians polled said they would provide companies more data in exchange for something of value to them.

This value exchange means that companies must ensure they are offering a win-win scenario.

The bottom line, Merowitz says, is that change must be transformative. All stakeholders need to set aside, or at least moderate, the protective, defensive, and prescriptive nature of the approach to data and its privacy that has evolved today. Data and privacy stand as a governance opportunity but firms must be able to engage in an open and receptive discussion.