For years, leaders in business and government in the US have recognized the need for a federal data privacy law. Now, it looks like it might happen.
Regardless of whether the American Data Privacy and Protection Act (ADPPA) passes, organizations should evaluate their data-privacy priorities and how they communicate them.
Here's what communicators should consider before federal data privacy governance becomes a reality.
Prioritize Data Governance and Communication
The primary question organizations need to be prepared to answer: What data do you have and why do you have it?
Consumers are more privacy conscious today than ever. In addition, they want to know where their data is going and why.
The call to action? Communicators should collaborate with data governance and privacy teams today. Become a stakeholder in conversations about what data is stored and why it’s collected. Ask hard questions about data collection now. This will benefit your organization in the future.
In addition, communication professionals can help their tech colleagues understand the reputation risk of managing different types and volumes of user data.
Evaluate Your Value as a Partner
Not only does ADPPA reevaluate and guide how organizations collect and manage data, it puts service providers and third-party partners under the microscope.
As it currently stands, ADPPA requires organizations to conduct a thorough assessment of service providers and how they provide data to third parties. The need for trusted partnerships extends to communication: When companies share data, you become 'in it together' from a media perspective.
In fact, if a partner loses your customers' user data, the media story may very well focus on you. Each new partnership introduces a reputation risk. So, it’s important to conduct due diligence now.
Similarly, it is critical to have a process for understanding the data privacy policies and concerns of the companies you work with.
Know the Media Landscape
Ahead of communicating with the media, make sure you understand to whom you’re talking and how they approach the subject.
For instance, when engaging with technology and privacy reporters about your company’s data privacy, ensure you understand their point of view. Data privacy is a huge concern for their audience members, who are incredibly knowledgeable on the subject.
Second, bring your philosophy to the table. Make sure the reporters understand your company has thought carefully about data privacy.
Different Reporters' Pool
In the event of a cybersecurity incident, you’ll be working with a different pool of reporters. Cybersecurity reporters are intimately familiar with how breaches are reported. In addition, they will know the ins and outs of data privacy regulation.
Ahead of communicating with them, understand what the lifetime of a breach looks like, how stories will evolve and what information you should know now or soon.
Finally, when communicating within your industry, be ready to quickly educate trade reporters not well versed with cyber breaches. Work with them to lay out investigation timelines, your company's policies on data storage and other pertinent information.
Beyond these core tenets, organizations should have a point of view on data privacy and a corresponding communication framework. This is so regardless of whether or not ADPPA proceeds. A strong stance on privacy will build trust with stakeholders: customers, boards, employees and regulators.
There’s no hiding from the increasing focus on data privacy. So, act now to make communication easier down the road.
Kelly Miller is senior director, cybersecurity & data privacy communication, FTI Consulting.
Maggie Jenkins is senior consultant, crisis & litigation strategic communications, FTI Consulting.
Editor's Note: Kelly Miller will speak about data protection during a panel at PRNEWS' Measurement & Data Summit, Sept. 8, in New York City. Click for more information.