Certainly, when it comes to making the business case for enacting data privacy and protection processes, many were hoping for something more out of the report. In fact, if they could have downloaded a business case that just needed their company name added to the front page, they would have been happy.
Instead, the report provides a framework for thinking about how to build a business case and lays out the various dimensions in which cost and value are to be found. It provides the philosophy – companies will have to provide their own practice.
Case studies are the most obvious absentee from the report. According to one of its authors, Dr John Leach, it was not possible to find a source with a fully worked-through scenario who was willing to share actual figures. I have my own doubts about whether there are any organisations in the UK who have developed their data strategy from the basis of a prior business case, rather than applying post-hoc justification.
To try and draw out more from the report and what it might mean to the data industry, Leach will be the keynote speaker at this year’s Data Summit in June. With a bit of effort on the part of sponsors and delegates, it may be possible to fill in some of the gaps in the report with real-life examples.
In trying to convert theory into practice, one of the biggest requirements will be to identify if there is a cause-and-effect connection between privacy and the bottom line. We all believe that doing the right thing with customer data leads to more and better business. But can this be expressed in figures that will convince the finance director?
Whatever your own views about the “Privacy Dividend”, it does achieve one important thing – getting the data industry to stop seeing data either on a parochial, tactical level (ie, as just a resource for marketing) or in terms of its physical protection. Privacy is a cultural construct, for companies, regulators and especially for individuals. That is what really counts.