Why Does Data Privacy Matter? It’s About R-E-S-P-E-C-T

January 13, 2023

People seem to take up residence all over the privacy spectrum. Some are fiercely protective of it, others post daily details of their lives with a handful of smart devices, and plenty fall right in between. With the world flipping fast to digital, heavier sharers are beginning to think twice about trading personal information for convenience and “likes,” especially at a time when customer names, emails and passwords are included in an estimated 44% of all data breaches.


As custodians of personal data, organizations must logically bear the brunt of responsibility for protecting it. In tandem with sweeping digital transformation, the past five years saw exponential growth in data privacy laws that spun a global patchwork of regulations and requirements. Importantly, at the root of these protocols lies the concept of “respect,” that is, a focus on respecting consumers, employees and third parties.


Just like in the physical world, respect in the digital world is earned. Organizations can go a long way toward building trust around how data is collected, used and shared by providing individuals with more transparency, choice and control. Ahead, we’ll dive into all three.




People constantly share personal information with other entities (businesses, employers, governments) at a rate that’s only increasing. For individuals, it’s reasonable to question how this data is being used and with whom it’s being shared. There’s also a digitization dynamic where organizations may seek to extract further value from already-retained data. Should the purpose of this extraction stray from the data’s original purpose, someone’s privacy can be violated.


Given these competing factors, it’s more imperative than ever to maintain transparency around data collection, processing and sharing activities. Without transparency, organizations run the risk of alienating their patrons once those patrons become aware of events relating to the use of their personal information, such as negative press, regulatory investigations or data breaches. To help mitigate these risks, organizations can offer individuals choices about how their data is processed.




While organizations often provide individuals with options on how their personal data is leveraged for marketing purposes, new regulations require more granularity to offer individuals increased autonomy over the process. These additional choices, such as opting out of sharing data with third parties or advanced advertising practices (i.e., geolocation or behavioral indicators), do help address regulatory requirements, but they also allow patrons to feel valued and respected while maintaining control of their data.




Alongside choice, organizations can offer consumers control through a tailored experience where users adjust their data-sharing preferences. As attitudes and viewpoints continue to change, it’s becoming essential to support the user’s ability to decide the activities connected to their account, purge information when possible and configure settings that align with personal preferences or comfort levels.


Because privacy is a fluid concept, individuals should also have the ongoing ability to offer feedback regarding practices, experiences or decisions around the processing of their data. For example, while some targeted advertisements may appeal initially, consumers should have some control over their delivery and profiling techniques. When consumers retain control of their data, they’ll feel more secure when sharing information that may be personal or sensitive.



In Closing

Data privacy is foundational to defining relationships in the new digital world. Such relationships warrant mutual respect and recognition that an individual is an actual person, and not just a means to an end. This reinforces that, beyond the latest regulatory requirements, strong privacy programs are best grown organically. When organizations focus on building trust and rooting it through respectful transparency, choice and control, their patrons are empowered with more autonomy and safety — plus confidence to do business.

Jennifer Mahoney
Jennifer Mahoney has 18 years’ regulatory compliance experience in both consulting and enterprise environments. Her experience ranges from small businesses to Fortune 50 corporations, particularly in the technology, state and local, manufacturing and pharmaceutical verticals. Areas of expertise include the General Data Protection Regulation (GDPR), the California Privacy Rights Act (CPRA) / California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and many others.

Optiv Security: Secure greatness.®

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
