The nation’s leading organization of government, corporate and academic privacy executives — the International Association of Privacy Professionals — recently did what good groups do, it issued a report that validated the pursuit of the career it supports.  In “Benchmarking Privacy Management and Investments of the Fortune 1000,” the IAPP reminded all what has long been understood — privacy is an important and growing risk management activity under the watchful eye (mostly) of general counsels.  With $2.4 billions being spent this year and $3 billion next, it is a growth industry.

As a member of the IAPP, I welcome the news.  There is much to be done to achieve “regulatory and legal compliance” with the various and complex privacy laws and regulations in place in almost every nation on the planet.  It is no wonder why that goal is ranked either first or second on the list of all who participated in the survey and well ahead of the softer “marketplace reputation and brand.”  Compliance means fewer fines, less direct oversight and minimal distraction.

The problem, though, is that while reputation doesn’t as easily fit into a spread sheet analysis, it offers the better chance for a commitment to privacy to lead to increased  market share.  If the success of any privacy office is primarily a clean compliance record,  there is a danger that possible revenue growth will be the rare occasion and not an objective. Where risk mitigation can become an autonomic response from companies and institutions, brand support is learned behavior.

A study finding that is both concerning and counter-intuitive on this specific point is that mature organizations — those with more a history of the business-building role of revenue growth — see regulatory and legal compliance “as almost their exclusive focus.”  This is a missed opportunity.

At a time when privacy drives the story of corporate and government action, there is a chance to think of the investment in a privacy team, technology and training not as the finished product but as raw materials from which competitive advantage and customer loyalty can be built.  The stance by companies to publicly resist government requests for access to customer data is an example of how privacy can drive mind and market share.  Just ask Apple.

It may seem, in this age of the daily data breach (Target, Home Depot, Sony) that any company promoting privacy is akin to an airline advertising flight safety.  That is too glib an excuse to forgo the upside.

A commitment to privacy means giving consumers choice and control; it does not mean collecting, saving and using no data.  There is some agreement to be found in the fine print of the report: privacy executives feel they have little but would like more involvement in “corporate ethics, marketing and sales.”  They should be given that chance.