On 3 March 2010, the UK Information Commissioner launched a report entitled “The Privacy Dividend” (the Report) which outlines the business case for organisations to invest in proactive privacy protection. It highlights the need for direction and accountability on the part of senior management for a company’s privacy strategy.
The Report provides practical tools to help produce a financial business case for data protection which integrates privacy protection into the organisation’s culture and governance. Public and private organisations can use the business case to engage senior management and justify spending on privacy protection.
The Report argues that: (i) personal information has commercial value; (ii) good data protection can bring business benefits; and (iii) there are significant drawbacks and potential costs to ignoring data protection. It highlights the key components of a privacy program and offers a structured approach for data protection officers to build their own business case to secure investment and build a privacy culture. It offers guidance on creating business cases for the implementation of a new system or to change an existing system.
There are appendices which assist in the construction of a customised business case, including calculation sheets covering: (i) value of personal information (from perspectives of organisation, individual, other parties and society); (ii) costs of privacy failure; and (iii) benefits of privacy protection.
Upon launch of this Report, the Information Commissioner, Christopher Graham, quoted: “No organisation can neglect to protect people’s privacy. Not only is it the law, but there is also a hard-headed business imperative”. Privacy officers can find convincing their organisations to invest in privacy procedures, training and reviews an uphill struggle, and the Information Commissioner is right to focus on giving those enthusiastic or responsible for compliance assistance with this task that goes beyond scare tactics.