What is the evidence that businesses operating in the digital sphere need a paradigm shift regarding privacy in the year ahead? This is an important question to start with, because we’re all familiar with the sage wisdom summed up by the old adage, “If it ain’t broke, don’t fix it.” That outdated mindset, however, isn’t what will allow us to move forward. As far as evidence, a few crucial points stand out:

One, the amount of time consumers are spending online. They are on their computers more, shopping more, watching more, ordering more food, using more telehealth services, and banking online more. Many of these trends started prior to the coronavirus pandemic but accelerated significantly because of it. The increase in internet traffic equates to increased risk all around — for consumers, brands, and any organization with a digital presence. The risk is not only for compromised data but for misused data, with potential consequences ranging from lost customers to breakdowns in democratic processes.

Two, the continued increase in cybercrime. As if it wasn’t a big enough problem prior to 2020, here’s a disconcerting statistic: the number of malicious registrations grew 569 percent between February and March of last year, and the number of high-risk registrations by 788 percent. The Secretary General of INTERPOL said, “Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.”

Three, the fact that most consent frameworks currently in use are outdated, inefficient, inconsistent across consumer touchpoints, or all of the above. This problematic state of affairs is defined largely by a lack of discipline — it hasn’t been strictly necessary for companies to ensure that their privacy policies and data management techniques are cohesive and effective, so it’s a task that’s fallen by the wayside.

So, what can we do about it? How do we shift out of what is essentially still a Wild West-style privacy paradigm towards one that benefits both consumers and providers, and what strategy can brands adopt in order to maintain consumer trust?

The question is vital, because once trust is lost, it’s gone forever. The answer is relatively simple: we embrace privacy by design.

What is privacy by design?

Most platforms today were not built with consumer trust in mind. To the extent that privacy and consent represent a concern for the businesses that operate these platforms, frameworks and tools for managing them are often tacked on as an afterthought. Inconsistency, inefficiency, and underdevelopment — the problems mentioned above — are often the direct results of this process.

Privacy by design is the opposite; it is an engineering approach that proactively embeds cutting edge data and consent practices into systems, infrastructure, and business processes. To use an analogy, a padlock and key won’t do much good if there are open windows around the side of the building. Privacy by design recognizes that the padlock by itself can only provide a false sense of safety and instead aims to create a fully integrated, secure structure.

How to improve legacy systems

Here’s another good question: if privacy by design is proactive, is it possible to incorporate its principles into pre-existing frameworks? The answer is yes, and ironically, this style of design and engineering is more common, since most organizations can’t feasibly replace their entire technology stacks without major repercussions. As a result, doing retroactive design work on legacy systems and infrastructure is the ideal route for many companies, and to go about it, there’s a powerful and effective three-step process.

Ensure a multidisciplinary effort

Despite the fact that we’re talking about both a tech and information problem, privacy by design is not something that a CIO or CTO can undertake on their own. It’s also a financial problem that requires the guidance of the CFO, an executive problem that necessitates the decision-making power of the CEO, a marketing problem that needs oversight from the CMO, and a supply chain problem that must be embraced by the CPO. Executives in smaller firms may wear several of these hats at once, but for larger organizations, it’s crucial that there is support and collaboration across all departments. Wherever silos exist, they must be broken.

Complete a data management audit

In this scenario, a top-to-bottom assessment is needed, and a laundry list of questions must be answered:

• Where is data being collected?
• What data is being collected?
• Is there a legal right to its collection?
• Has consent been provided?
• Where is the data stored?
• Do third parties have access to it?
• Do you need the data?
• How are you using it?
• Are policies aligned across touchpoints?
• Do consent requirements differ depending on where a customer enters the life cycle?

If you don’t have all the answers to the above, you can’t move forward. Not only that, but it’s an open invitation for the establishment of information silos and fault-lined systems ripe for data breaches and compliance issues.

1. Implement

This step is purposefully broad due to the fact there are a number of ways it can be accomplished. It’s certainly possible for an organization to build its own consent and data management system from the ground up, and in some cases, that may be necessary. In many others, it’s a matter of working alongside technology providers to find ways in which existing operations and touchpoints can be upgraded and streamlined.

Barriers vs. benefits

Like any form of digital transformation, adjusting to the privacy by design paradigm can be challenging, and it may help to treat it as an iterative process through which assessments and improvements are made continually. Put simply, the worst thing that companies and brands can do is rely on existing frameworks to continue to be sufficient. Following increasingly severe breaches — costing companies over $8 million USD on average — and growing privacy management concerns within the general public, this is not the time to be flat-footed in regard to consumer data; it is the time to design a better solution for tomorrow.