Keep calm and protect data: Prioritizing privacy during uncertain times

There is no doubt that the political environment, including elections and new administration priorities, impacts privacy. Changes in party leadership, for example, can increase or decrease regulator enforcement, add/modify/subtract laws and requirements, increase or decrease public discussion, and impact focus areas for new laws and enforcement priorities.  

For example, there was quite a lot of discussion about how the United States November presidential election could impact privacy in advance of that election, pointing to the effects of possible changes to enforcement agency leadership, probability of a federal privacy law, and the possibility of enforcement emphasis on Big Tech. Similarly, the 2024 United Kingdom (UK) election spurred debate about possible outcomes for digital and data policy if one party were to win versus another.  

A new government, or the prospect of a new government, can bring uncertainty into any compliance program. Especially in the privacy space, which can be turbulent in the best of times, new government can increase or decrease the risk of compliance by increasing or decreasing probabilities of new requirements and enforcement.  

Despite this volatility, however, compliance programs can rest assured in continuing along the path of planned privacy compliance for these good reasons: privacy is more than compliance, privacy is here to stay, and sound programs are timeless.  

Privacy is more than compliance

While changes in government have the potential to impact new laws and enforcement priorities, changes in government have little to no impact on how people – regular people who are concerned about their personal data – think about privacy. Laws or no laws, enforcement or no enforcement, people continue to care about privacy and expect the companies with which they do business to treat privacy seriously.

In other words, though compliance with legal requirements may always be a component of any privacy program, complying with customer expectations related to privacy will continue to be central to the Return On Investment (ROI) of a privacy program. Privacy done well earns customer trust, and customers engage with and buy from companies they trust.  

The other side of this equation – data protection done poorly – not only translates to lower customer engagement but also can result in lower stock price and higher costs. For example, a data breach can cost millions to address and result in dramatically lower stock prices when the news hits media channels.  

Privacy is here to stay

Even given cyclical ups and downs related to new laws and regulator attention, privacy is here to stay. There is no probable future in which companies will cease to need a privacy program. Data is and will continue to be a major driver of business decisions. Artificial Intelligence (AI) continues to improve and expand, and along with the expansion comes more responsibility related to how AI trains and operates on personal data. This means that privacy concerns and the privacy programs that address those concerns will never disappear. More likely, they will grow exponentially.  

Sound programs are timeless

Despite bullet train-speed in technological changes related to data and new privacy requirements around the world, it is amazing to consider for a moment that the core Fair Information Practice Principles (FIPPs), which serve as a basis for privacy laws in all jurisdictions, remain valid.

Transparency, individual participation, authority, purpose specification/limitation, minimization, quality/integrity, access/amendment, security, and accountability are all concepts that apply as well today as when they were created in the 1970s.  

Similarly, a privacy program that addresses these core principles and the operational mechanisms that make it possible for an organization to apply them in the real world is also timeless. That is not to say that technology, laws, and culture changes will not impact how an organization applies the principles. However, a methodical, thoughtful privacy program that keeps in mind the central principles of privacy, while making small adjustments for changes in the internal and external environments, will remain relevant across the years.  

In fact, one could argue that a privacy program should not swing dramatically back and forth in response to every new change in the political environment. Adjustment takes time, and considering that politics are always cyclical, a privacy program that swings back and forth in the political wind will always be behind the curve.

However, a privacy program that adheres to core principles, makes small adjustments according to internal and external changes, and progresses along the maturity scale in a thoughtful manner will be more scalable, efficient, and timely.  

Summary

Though changes in political environments can create fear, uncertainty, and doubt related to all compliance activities, these changes do not have to impact an organization’s privacy plans dramatically or negatively. After all, while governmental changes may impact which laws passed and how strongly regulators enforce different privacy topics, these changes do not change the underlying truth: privacy is a business advantage. Companies that treat privacy with the importance that it deserves will reap the benefits of consumer trust – customer engagement and purchases.  

Also, while administrations may build or lose focus on privacy issues, depending on other priorities, people will always be interested in protecting themselves and their families. This means that people will continue to care about their own privacy and that of their loved ones – now and in the future.  

Furthermore, while laws and political priorities can be pendulums, swinging back and forth across administrations, the core concepts of privacy remain constant. Technology and legal advancements change the application of these concepts, but the concepts themselves are valid over time. A privacy function that bases activities on core privacy concepts will avoid instability while still having the agility necessary to adjust over time.  

In other words, even though changes in the political environment can tempt organizations to dramatically re-evaluate their compliance activities, there is no need for these political changes to create churn for the privacy function. Rather, the phrase to consider is: Keep Calm and Privacy On!