The 7 Deadly Sins of Privacy Leadership: How CEOs Enable Data Breach
Technology is not the root cause of identity theft, data breach or cyber crime.
Too often, technology is our scapegoat, providing a convenient excuse to sit apathetically in our corner offices, unwilling to put our money where our profits are. Unwilling, in this case, to even gaze over at the enormous profit-sucking sound that is mass data theft. The deeper cause of this crisis festers in the boardrooms of corporate America. Like an overflowing river, poor privacy leadership flows inexorably downhill from the CEO, until at last, it undermines the very banks that contain it.
The identity theft and data breach bottom line? Corporate boardrooms across America care about the loss of people’s personal data about as much as Ford cared about recalling the Pinto when they began exploding on rear impact. Hey, it was cheaper to fight the lawsuits from the surviving relatives than re-engineer the gas tank. And it’s cheaper to take a tax write-off on fraud-loss line items than to dig this weed up by the roots. We fail to see the connection between privacy breaches and larger profit hits — liability lawsuits, brand damage, customer flight, stock depreciation, loss of trust in the company, bad press, etc. Just ask TJX, who has spent well over $500 million recovering from their data breach – a breach that could have been prevented with only tens of thousands of dollars.
In clearer terms, poor leadership (not technology) is the primary factor leading to data breach. And we stand by, you and me both, mostly silent and submissive, as corporation after corporation loses our private data. We suffer the consequences. It is our credit that is destroyed; our time wasted dealing with law enforcement, credit bureaus, collection agencies, bankruptcy courts, criminal charges and the deep and personal violation of being the victim of a crime that no one really cares about. It makes a great news story, but only because we can deny that it will ever reach us.
Millions of years ago we evolved from the primordial slime with a backbone built for standing up to our challenges. Why, all of a sudden, has our backbone disappeared? We’ve built the Great Wall of China, landed on the moon, eradicated polio and elected the first African American, Barack Obama, to be President of the United States. But we can’t protect the customer data, employee records and intellectual capital that gives our corporations their value? That underlies our capitalist economy? Information is our most valuable asset, but god forbid we invest in a privacy strategy to protect that asset.
The 7 Deadly Sins of Prviacy Leadership: How CEOs (and other Executives) Enable Data Breach
As an identity theft speaker who travels the country speaking on this topic, I’ve noticed that a majority of corporations experiencing data breach and workplace identity theft share similar weaknesses in their overall privacy fabric. You have an opportunity to learn from their mistakes before they become yours. Begin by asking yourself whether you (as a leader) or your organization suffers from any of the 7 Deadly Sins:
- Apathy – a disturbing lack of care for and attention to a crime you incorrectly believe will never seriously impact your bottom line. If you have never had a corporate-wide privacy education initiative, you are a prime candidate for this weakness.
- Ignorance – many leaders refuse to admit that they don’t know what they don’t know. For example, do you know the value, location and confidentiality of your sensitive data? Do you know how it is protected, how long it is maintained and why you keep it in the first place?
- Arrogance – some executives see themselves as champions of data privacy because they have a strong IT department, but fail to see that privacy doesn’t exist in a silo. Does your organization tend to believe that data privacy is the realm of the I.T. Department? If so, you are overlooking other critical functions (human resources, sales, intellectual property, legal compliance) that are touched by privacy concerns on a daily basis.
- Greed – many CEOs are the first to violate the very privacy policies that they champion. Have you ever surfed unprotected at the airport? Do you shred every piece of sensitive data that goes in your trash? What passwords are stored in your BlackBerry?
- Hypocrisy – many CEOs are the first to violate the very privacy policies that they champion. Have you ever surfed unprotected at the airport? Do you shred every piece of sensitive data that goes in your trash? What passwords are stored in your BlackBerry?
- Paralysis – some companies and executives have difficulty breaking old habits and, by default, choose to perpetuate high-risk data practices. Do you collect certain private information simply because you always have? Have you ever re-evaluated your hiring policies to take corporate espionage, workplace identity theft and insider fraud into account?
- Procrastination – Even executives who care about, educate themselves on, admit to, have the budget to invest in and personally practice data safety… never get around to doing something about it at the corporate level. When you are finished with this article, how will your behavior change? Will you get to it later?
This is not an easy topic, but running an organization isn’t an easy task. Leaders that guide their corporations to develop a privacy strategy that avoids these security sins will achieve a long-term competitive advantage in the marketplace. And in the marketplace of ideas, in the oft-proclaimed information economy, what better asset to protect than our private information?
John Sileo is a victim of The 7 Deadly Sins of Data Privacy. After losing his business to data breach and his reputation to identity theft, John became America’s leading identity theft speaker. He uses his gripping story, first-hand experiences and humorous interaction to inspire audiences around the world to protect corporate data as if it were their own. His clients include the Department of Defense, FDIC, AARP and Pfizer. Learn more at www.ThinkLikeASpy.com.