Privacy as a Competitive Edge

I discuss how privacy is a competitive edge for business in the next section from my article, "How to Use Privacy as a Business Differentiator" within my September issue of IT Compliance in Realtime Journal.

Download the PDF for a much nicer looking version...

___________________________________________________

Privacy as a Competitive Edge

Organizations in more industries are increasingly emphasizing in their commercials the ways in which their services or products are more secure than their competitors'. It started primarily within the technology sector, but financial organizations have also used privacy as a marketing differentiator, as have some telecommunications organizations.

Organizations also are increasingly promoting security to overcome reputation damage caused by security breaches and data losses. In doing so, these companies are discovering that information security can be a competitive differentiator. Take Wells Fargo, for example. Because of their quick and effective response to a privacy breach they had in 2003, they set the bar high for how all other organizations need to respond to privacy breaches. This was back at a time just before California enacted the very first privacy breach notice law. So, without legally being required, Wells Fargo not only wrote notification letters to the individuals affected by the theft of a laptop computer but also called each one individually as well as provided them with 2 years of credit monitoring services. As a result, they had virtually no lost customers or negative press from the incident.

It is becoming clear that any organization that does not address privacy as a foundational business issue will find itself at a disadvantage. They will likely find their customers jumping ship to go to an organization that provides similar products and services but that demonstrates privacy practices and information security due diligence.

Any type of company that handles PII can use privacy, and the security that exists to safeguard PII, as a business differentiator if they truly do have safeguards in place to effectively protect PII. Consider this: having superlative security practices in place was the key factor for MassMutual Financial Group closing a $25 million 401(k) plan deal in 2007.

Organizations should not view privacy as a burden imposed upon them by the government with new and emerging laws and regulations. Instead, organizations should view privacy as a business opportunity to provide their customers with exceptional safeguards for their PII in ways that their competitors are not currently providing.

___________________________________________________

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.