Provide a secure user dashboard where individuals can access and exercise their data subject rights
Download complimentary Gartner report
Build for privacy
Consumers are increasingly taking their business to where their personal information is best cared for. Successful security and risk management leaders need to support their business objectives with "privacy engineering" to gain a competitive advantage and differentiate offerings in crowded markets.
- Many organizations struggle to view privacy and security as different goals. Although they share common traits, both disciplines are quite distinct.
- Products and services lacking privacy considerations represent a clear liability to organizations that process personal information.
- Many organizations fail to factor in the risk to individuals' privacy in their business impact assessments.
- Security and risk management leaders responsible for privacy management programs should:
- Transform their privacy programs from a forced to an organic change by implementing privacy engineering guidelines.
- Enforce a clear distinction between building for privacy and building for security by addressing the requirements of the individual's privacy rights and expectations at the product design level.
- Demand products that are "built for privacy," rather than repackaged features for trending market demand.
Organizations often mistake security features, such as access control or certified cryptography, for privacy. Security makes up one component of a varied toolbox of capabilities to address privacy requirements. The ultimate goal is to provide an accessible and functional outcome. This involves the capacity to easily respond to subject rights requests (SRRs), a family of subject rights that includes subject access requests (SARs), update requests and deletion requests. It also includes the capacity to delete personal data once it's no longer needed, without manual intervention or complex processes.
Gartner «Build for Privacy», 5 June 2018, Nader Henein.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.