Engagement with privacy and security within organizations has not kept pace with the increasing demands from regulations. As a result, organizations often find themselves saying they support privacy and security engagement but struggling to create behavioral changes in their staff.
However, with new privacy and security requirements proliferating globally, we can’t help but wonder how much longer we can carry on with this approach.
Our Advice
Critical Insight
To truly take hold, privacy and security engagement must be supported by senior leadership, aligned with business objectives, and embedded within each of the organization’s operating groups and teams.
Impact and Result
- Develop a defined structure for privacy and security in the context of your organization, your obligations, and your objectives.
- Align your business goals and strategy with privacy and security to obtain support from your senior leadership team.
- Identify and implement a set of metrics to monitor the success of each of the six engagement enablers amongst your team.
Embed Privacy and Security Culture Within Your Organization Research & Tools
Start here – read the Executive Brief
Read our concise Executive Brief to find out why you should develop a culture of privacy and security at your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.Besides the small introduction, subscribers and consulting clients within this management domain have access to:
- Embed Privacy and Security Culture Within Your Organization – Phases 1-3
1. Define privacy and security in the context of the organization
Use the charter template to document the primary outcomes and objectives for the privacy and security engagement program within the organization and map the organizational structure to each of the respective roles to help develop a culture of privacy and security.
- Privacy and Security Engagement Charter
2. Map your privacy and security enablers
This tool maps business objectives and key strategic goals to privacy and security objectives and attributes identified as a part of the overall engagement program. Leverage the alignment tool to ensure your organizational groups are mapped to their corresponding enablers and supporting metrics.
- Privacy and Security Business Alignment Tool
3. Identify and track your engagement indicators
This document maps out the organization’s continued efforts in ensuring employees are engaged with privacy and security principles, promoting a strong culture of privacy and security. Use the playbook to document and present the organization’s custom plan for privacy and security culture.
- Privacy and Security Engagement Playbook
Infographic
Workshop: Embed Privacy and Security Culture Within Your Organization
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
1 Determine Drivers and Engagement Objectives
The Purpose
Understand the current privacy and security landscape in the organization.
Key Benefits Achieved
Targeted set of drivers from both a privacy and security perspective
Activities
1.1 Discuss key drivers for a privacy and security engagement program.
1.2 Identify privacy requirements and objectives.
1.3 Identify security requirements and objectives.
1.4 Review the business context.
Outputs
Understanding of the role and requirements of privacy and security in the organization
Privacy drivers and objectives
Security drivers and objectives
Privacy and security engagement program objectives
2 Align Privacy and Security With the Business
The Purpose
Ensure that your privacy and security engagement program is positioned to obtain the buy-in it needs through business alignment.
Key Benefits Achieved
Direct mappings between a culture of privacy and security and the organization’s strategic and business objectives
Activities
2.1 Review the IT/InfoSec strategy with IT and the InfoSec team and map to business objectives.
2.2 Review the privacy program and privacy strategic direction with the Privacy/Legal/Compliance team and map to business objectives.
2.3 Define the four organizational groupings and map to the organization’s structure.
Outputs
Privacy and security objectives mapped to business strategic goals
Mapped organizational structure to Info-Tech’s organizational groups
Framework for privacy and security engagement program
Initial mapping assessment within Privacy and Security Business Alignment Tool
3 Map Privacy and Security Enablers to Organizational Groups
The Purpose
Make your engagement plan tactical with a set of enablers mapped to each of the organizational groups and privacy and security objectives.
Key Benefits Achieved
Measurable indicators through the use of targeted enablers that customize the organization’s approach to privacy and security culture
Activities
3.1 Define the privacy enablers.
3.2 Define the security enablers.
3.3 Map the privacy and security enablers to organizational structure.
3.4 Revise and complete Privacy and Security Business Alignment Tool inputs.
Outputs
Completed Privacy and Security Engagement Charter.
Completed Privacy and Security Business Alignment Tool.
4 Identify and Select KPIs and Metrics
The Purpose
Ensure that metrics are established to report on what the business wants to see and what security and privacy teams have planned for.
Key Benefits Achieved
End-to-end, comprehensive program that ensures continued employee engagement with privacy and security at all levels of the organization.
Activities
4.1 Segment KPIs and metrics based on categories or business, technical, and behavioral.
4.2 Select KPIs and metrics for tracking privacy and security engagement.
4.3 Assign ownership over KPI and metric tracking and monitoring.
4.4 Determine reporting cadence and monitoring.
Outputs
KPIs and metrics identified at a business, technical, and behavioral level for employees for continued growth
Completed Privacy and Security Engagement Playbook