Privacy Judo

September 13th, 2018 / Author: John Berard

The only thing I know about judo is that it “emphasizes winning in combat by using your opponent’s weight and strength as weapons against him, while preserving your own mental and physical energy.” Since reading that description almost 20 years ago, I have returned to the lesson often when confronting bigger, better funded and more well-known competitors.

The insight also holds when the “competition” isn’t another company or candidate, but a regulation, social movement or scientific research that might slow or stop a market initiative. The approach is freshly relevant with the arrival of new privacy regulations, first in Europe and now in California. Though different in many aspects (for example, the penalties are far higher in the European law), the laws are similar enough that being responsive to one makes it easier to be responsive to the other.

Being responsive to regulation has only ever been viewed as a way to reduce risk. That’s where a little judo comes in.  By turning the apparent burdens of the new laws into competitive advantages, companies can not only reduce risk but create revenue and enhance customer loyalty.  Here are just two examples:

First, who’s in charge?

The European law requires that someone be named data protection officer; California requires that there be at least two ways to contact a company. The goals overlap in making sure consumers can easily get the answers they seek. Having to hire someone at a time when everyone else is looking for someone with the same skills can be time-consuming and expensive. Even just re-tasking someone to manage the program can stretch resources. The mood is likely, “I can’t wait to be done with this.”

“Being done with it” ignores the opportunity the heavy lift presents. A regulatory requirement should be turned into a marketing advantage. By hiring or designating people to fill privacy posts who also have the skills to be the public face of privacy, the cost becomes an investment.

Privacy is now a “beat” for reporters, an in-demand topic at industry conferences and an industry unto itself, and it has the ability to affect share price (just ask Equifax a year later). Public fluency about a company’s commitment to privacy, not just meeting its regulatory requirement, can therefore add to the bottom line.

Second, what do you know?

In Europe and the U.S., in order to be responsive to customers’ requests for access to information about them, companies will have to catalog the information they collect and hold. Again, that’s the heavy lift, but it’s only half the story.

Once a company is in position to answer those who ask, why wait until they ask? As U.K. regulators have measured, people are going to ask.  As James Earl Jones in “Field of Dreams” assured Kevin Costner that he’d not built a baseball diamond in vain, “They will come. They will most definitely come.”

They ask because they are suspicious or angry or even litigious. But if they are given the chance to see their file without having to ask, they’re more likely to be curious or surprised or even helpful in correcting errors; maybe even less likely to exercise other consumer rights like “data portability” or “opt-out”. LinkedIn has built quite a business by giving individuals the opportunity to manage their information, building a more accurate and useful database for all.

The value of thinking about these new laws as not just a drag on commerce is that almost every country on the planet has or is planning privacy legislation of its own. Many will be based on the form and focus of the European law, and the first companies to move quickly will have a chance to create generational market advantage.