Rethinking Your Data Privacy Practices? Consider These Three Rules


Despite a rush of new data privacy regulations around the world, many organizations have yet to transform the way they collect user data. However, due to the digitization and interconnectedness of modern-day businesses, those that wait to transform their policies may soon find themselves in trouble.

“Waiting even a year or two to start building out a compliant data privacy and management program will cost more, take longer, and be more disruptive to your business operations than having to adapt strong, existing processes to legislative and cultural changes,” wrote Jodi Daniels, CEO of Red Clover Advisors, an organization that assists companies in simplifying their data privacy practices, in

Alternatively, organizations that start building the new regulations into data privacy programs “have a unique opportunity to market themselves as a forward-thinking, consumer-friendly industry leader,” she added.

Three Rules That Should Replace Your Current Data Privacy Practices

As organizations come under increasing pressure — both from regulators and the public — to transform their practices around data collection, they will need to start adapting new rules. Writing in Harvard Business Review, Hossein Rahnama, an associate professor at Ryerson University in Toronto, and Alex “Sandy” Pentland, the Toshiba Professor of Media Arts and Sciences at MIT, recommend that organizations should put:

  1. Trust before transactions: Many organizations currently collect troves of consumer data without obtaining user permission. However, as regulations become the norm, “data collected with meaningful consent” will become the most valuable data— given that it will become the only data that organizations will be allowed to use. As such, organizations will need to start creating processes in which they obtain explicit permission to obtain data, as well as a plan that clearly communicates with customers how their data will be used.
  2. Insight before identity: Organizations also need to make data transfer processes between themselves and other organizations more secure. Instead of transferring data through traditional data agreements, they should consider adopting technology like federated learning and trust networks that use algorithms to obtain insight from data without having to transfer the actual data.
  3. Flows before silos: Currently, chief information officers and chief data officers tend to work in silos. However, making the above changes should help them be able to break free of silos. By working with each other, they can better achieve a shared goal of obtaining the best possible insight from customer data.

    “For instance, a bank’s mortgage unit can secure a customer’s consent to help the customer move into their new house by sharing the new address with service providers such as moving companies, utilities, and internet providers,” explain Rahnama and Pentland. “The bank can then act as a middleman to secure personalized offers and services for customers, while also notifying providers of address changes and move-in dates. The end result is a data ecosystem that is trustworthy, secure, and under customer control.”

Is your organization ready to deal with the growing onset of new data privacy regulations? While you may think it’s smarter to watch and wait, preparing for them in advance is the best way to avoid potential problems in the future.

Data Privacy Engineering

IEEE has partnered with the IAPP to provide the IEEE | IAPP Data Privacy Engineering Collection to organizations. This unique training is designed to further educate technical professionals tasked with developing products so they understand, maintain, and protect data privacy throughout the R&D process. The program provides access to tools that allow the technical workforce to implement policies and processes for designing products that take ethical personal data use into consideration right from the start.

Learners will understand how to:

  • recognize the benefits and challenges of emerging technologies and how to use them while respecting customer privacy
  • establish organizational privacy practices for data security and control
  • learn practical knowledge and insights to address corporate privacy challenges
  • leverage the knowledge gained to develop products that take data privacy into account

Contact an IEEE Account Specialist today to learn more.

Plus, download this infographic from IEEE to discover ways how your organization can tackle data privacy regulations!


Daniels, Jodi. (3 March 2022). Why You Shouldn’t Wait to Build Out Your Company’s Data Privacy Function. 

Rahnama, Hossein and Pentland, Alex “Sandy.” (25 February 2022). The New Rules of Data Privacy. Harvard Business Review.

, ,

No comments yet.

Leave a Reply