There is a difference between data security and data privacy.
When I purchase something online, I want my debit card number to be secure.
However, I don’t have great expectations of privacy. The store knows what I bought. My bank knows it too. (Same as 20 years ago.) The information is on numerous servers and on my web browser’s history. So when an ad pops up for the same product during my next Google search, I don’t freak out.
But many people do. They do because they imagine the worst, however unlikely. And the media picks up on the fear because it sells. And because it generates visits to their website where they collect our information to sell it to advertisers. {Suckers}
When it comes to data, the ethics & compliance officer will team up with an IT security expert to create secure vaults. She will also team up with a privacy officer to comply with the myriad laws and regulations. But like all things, the work should be motivated by positivity, not by fear. Dangling the risk of heavy penalties and reputational damage never did much to fight anti-competitive behaviors, corruption or safety risks. If all you do to drive your GDPR/privacy agenda is freak out about the penalties that the European Union might impose next year, you’ll want to reconsider that strategy.
True compliance progress is made when organizations decide who they want to be.