Test Cookie policy: All websites across the EU are now required to ask your permission to place cookies on your machine, and you can refuse to give it.

We have limited Spanish content available. View Spanish content.

Privacy Management

Privacy concerns have become a hot topic globally as companies collect more customer data. Most companies gather data to understand their customers better, so they can provide customized service and distinguish themselves from competitors. However, some firms have been selling consumer data, prompting regulators to intervene.

Data privacy poses legal and reputational risks to companies, not to mention the risks that consumers face. Privacy management tools, which can range from software to more comprehensive solutions, can help companies build comprehensive data privacy programs that span multiple channels and touchpoints. The tools can evaluate whether companies are adhering to local and global privacy laws and to industry best practices. They also assure company leaders and customers that rigorous privacy standards are protecting consumer data, mitigating risks.

How companies use privacy management

  • Assessing data collection and usage practices. Companies use privacy management tools to evaluate their data collection procedures and forms, comparing them with best practices.
  • Building consumer confidence. These tools indicate to customers that a company takes privacy concerns seriously, building trust.
  • Analyzing privacy policies. Companies use these tools to ensure that privacy policies make sense across multiple dimensions, including product lines and regions.
  • Bringing policy in line with data needs. Privacy management tools help companies keep their policies up to date, so that they reflect the evolving data landscape.
  • Managing disputes and breaches. The tools track privacy breaches and customer incidents, ensuring that they are documented through the right channels and reported to the right owners or authorities.

Key considerations with privacy management

Companies must make careful choices when managing privacy, specifically:

  • Balance risk and data value. Companies must weigh security risks against the potential value of the data, considering the acceptable level of risk for each use case.
  • Embed security at the core. Security is a binary issue—either the data is secure or it is not. Companies must design security into systems and tools from the start. All types of data risk can be managed and should not be a barrier to implementing data-driven products and services.
  • Develop consumer trust. Leading companies provide a simple privacy promise to consumers, eliminate surprises, ask permission and give users sensible choices.
  • Set consumer expectations. Meeting legal requirements may not be sufficient. Consumer outcry often precedes legal changes. Executives should ask themselves, “Would I be worried if this appeared on the front page of a major newspaper?”
  • Coordinate privacy policies. A privacy policy’s scope depends on the company’s overarching data strategy. It’s important to coordinate policies across products, business units and operating geographies.
  • Build the capabilities. Companies might need to hire people with specialized expertise or adopt additional tools to embed privacy considerations into everyday operations. Companies handle privacy differently, and the level of centralization should reflect the company’s strategy.  
  • Stand up privacy programs. Leading companies often appoint a corporate ombudsman to monitor privacy ethics and standards. Some also name a chief data officer as well as a “privacy board” of credible outsiders who are charged with protecting users. Many hire an independent organization to conduct annual privacy audits.
  • Data privacy
  • Risk management
  • Big Data
  • Consumer trust

Want to continue the conversation

We help global leaders with their organization's most critical issues and opportunities. Together, we create enduring change and results