The Art of Selling Privacy
It’s not just about knowing what you’re selling but knowing who you’re selling it to.
Last week, Bamboo hosted a Privacy & Retail Workshop with several national retailers in attendance. This workshop was a huge success! The discussions in the room focused on privacy implementation in retail and facilitated the exchange of lessons learned and how to grow a business alongside privacy compliance. What stood out most to the Bamboo team was the undeniable truth of the shared challenge every retailer faces on the journey to bolstering their company’s privacy posture – communication.
Advocating for privacy within a retail company can feel like an uphill and lonely battle. Getting buy-in for privacy from various business functions and speaking a common language is often a significant hurdle. Whether they like it or not, Privacy Officers have a very similar role to the folks in the sales department; they must put their sales hat on, identify the personas to target, build a case for privacy, and sell that message.
Privacy often appears as a cost center to be dealt with as a last resort. The benefits of staying ahead of privacy regulations are not immediately tangible and to further complicate things, the privacy landscape is constantly shifting with evolving regulations and customer expectations. In this environment, shaping your privacy sales pitch is key. To succeed, a Privacy Officer must not only understand what they are selling—privacy compliance and its benefits—but also to whom they are selling.
Executive Language – Numbers and Metrics
A salesperson’s best tool is their voice and their ability to communicate persuasively enough to sell a product. When pitching to executives, the Privacy Officer must speak the language of numbers and metrics. Executives are concerned with the bottom line and big-picture regulatory compliance. To capture their attention, it is crucial to convey the importance of privacy through concrete data that illustrates the potential financial impact of privacy breaches, the cost savings from preventing such breaches, and the quantitative value of maintaining customer trust. Executives want to know the losses they would face, and this can be demonstrated through the lifetime value of a customer and how many customers a privacy risk will impact. What do these values translate to in numbers? If a Privacy Officer is selling privacy concerns to an executive without the use of metrics, then they will likely go home empty-handed. The lesson here is to go to the executive prepared with quantitative data. This strategy will require you to collaborate with individuals in the business who can help you present the numbers in the best way possible.
Communicating with Function Heads
Privacy should not exist in a silo or in isolation from other business functions. Getting privacy buy-in doesn’t just require a stamp of approval from the C-Suite; to be successful, it also requires collaboration with other functions in the company. Forming cross-functional teams that include members from IT, legal, human resources, audit, and marketing can ensure that privacy considerations are integrated proactively into every aspect of the business.
The marketing department has goals targeted at customer recruitment, retention, and engagement, and privacy is often perceived to be at odds with these goals. The best way to “sell” privacy to marketing heads is by communicating the foundation of customer relationships – trust. The Privacy Officer must highlight how integrating privacy into marketing strategies can build stronger customer relationships; and to further sweeten the deal, demonstrate that data transparency can actually increase customer trust and loyalty. The reality is that retailers are among the top industries that Canadians are most concerned about. A rapidly increasing percentage of consumers are beginning to care about and prioritize their privacy over a more personalized shopping experience. The 2023 IAPP Privacy and Consumer Trust Report highlighted that 74% of consumers want strong transparency around data governance from brands and more consumers are growing concerned about their privacy and data security.
Another key department that requires finding a common tongue is IT and security. When pitching the importance of privacy to the IT team, the Privacy Officer must focus on how privacy initiatives are a complementary component to IT’s mission and require an integrative thinking approach to amalgamate cross-functional goals (See Bamboo’s article: Integrative Thinking: The Cross-Pollination of Privacy and Security). To further strengthen communication with IT and avoid hurdles due to technical jargon, workshop attendees shared a successful strategy they utilize in preparation for these conversations, “It's important to stay educated when it comes to finding a common language with the technical folks”. Understanding the fundamental concepts of IT and security can help the Privacy Officer speak the same language as the IT team. This doesn’t require becoming a security expert, but having a basic grasp of key terms and technologies can make conversations smoother and more productive.
A Privacy Officer should also consider having an open line of communication with the audit team. In doing so, the audit team can assist the Privacy Officer in getting certain messages across to the executive team by highlighting risks that may be dismissed. The audit team may also be a great ally and conduit between the privacy office and another department in raising risks when the Privacy Officer is not having much luck.
Many of the attendees at our retail workshop echoed the same lesson from their privacy experiences, “It is extremely helpful to have Privacy Champions in place”. Upon the realization that selling privacy is a lonely process, many Privacy Officers quickly learned that it does not have to be. Having Privacy Champions in various functions, (coupled with regular checkpoints), solves the privacy silo challenge, and creates allyship in places where one desperately needs it. Privacy Champions open lines of communication about privacy developments and keep those lines flowing with information for the benefit of the whole company. This is something that Bamboo often advocates to our clients as we have seen real value in this practice.
Point of Sale Associates – Making it Practical
Customer-facing staff, such as sales associates, that interact directly with customers often handle sensitive information (e.g. financial information). A one-size-fits-all policy won't work for this group, especially if they are young and have less experience with privacy practices. Giving a teenager a 10-page privacy manual to read is not likely to have the intended impact on improving privacy practices at the point of sale (POS). The Privacy Officer should provide practical, relatable training scenarios and continuously update these based on real-world experiences. There are countless scenarios in which a sales associate can breach a customer’s privacy – including simply looking up a customer’s phone number in the POS system and reaching out to the customer on their personal device for social purposes. Customer-facing staff have hundreds of customer interactions every day. It’s important to stay consistent with practical training and convey important messages through channels that will best reach different groups of people based on their skillset and learning style.
Collaborating with Other Retailers – Building an Industry Network
Privacy Officers often feel isolated in their roles. Building a network with privacy professionals at other retailers (including competitors) can provide valuable support and insights. Sharing best practices and staying informed about industry trends helps ensure that privacy measures are robust and up to date. By fostering collaboration, Bamboo created a space where industry peers could learn from each other and collectively enhance their privacy strategies. Many attendees at this workshop expressed how invaluable it was to hear how other retailers were experiencing similar issues and the practices they employed to find the best solution. Bamboo will continue to host industry-specific workshops to bring privacy-oriented people to the table and have open and honest discussions about the challenges and successes of this complex field.
Just like a successful salesperson, a Privacy Officer must understand their audience and adjust their message and narrative accordingly. Selling privacy means making it personal and to do so, it is highly impactful to align your privacy pitch with the business goals and concerns of each department. It’s also important to find community and allyship in fellow Privacy Officers. The art of selling privacy is a tailored approach and ensures that privacy is not just seen as a regulatory necessity but as a critical component of your company’s overall success.