If, like me, you worked in privacy about ten years ago, you’ve probably felt like that ghost rider on the freeway. Listening to the radio, knowing for sure you were doing things right, you hear an emergency broadcast announce that there’s one ghost rider around where you are driving. Seeing the headlights come your way you may have thought ‘Just one? They’re ALL headed in the wrong direction!’
But things have changed. Some estimated in 2019 that, almost out of nowhere, half a million organisations had appointed a data protection officer (DPO). Earlier this year, Cisco published an interesting privacy-focused study. It’s interesting to see the wider variety of good things that come from ‘getting it right’. Gartner clients have already reported back a variety of benefits, including reduced storage cost and improved customer retention. Cisco concludes that benefits also include “reducing sales delays, mitigating losses from breaches, enabling agility and innovation, achieving operational efficiency from data controls, making the company more attractive to investors, and building loyalty and trust with customers”.
Now we’re talking.
Cisco also reports that the average annual privacy spend among respondents was $1.2 million.
And that resonates. In early 2017, we estimated that the average initial spend for GDPR in year one would be around $1 million in the US and €1.2 million in the EU. This is not a one-off: the privacy discipline is here to stay. We’re talking dozens of jurisdictions worldwide working on updates or drafts of modern privacy laws. And things are growing: the 2019 Gartner Global Risk and Security Survey showed that the average budget dedicated to privacy in 2019 grew to $1.7 million. Is that all?
Many capabilities ‘also’ relevant for the privacy cause are paid for by others. CIOs, CDOs, IT Execs, CISOs, you name it. How many CISOs can transparently say that their 2020 budget has grown, say, 4.7 per cent, “of which 2.94 per cent is because privacy”? I bet not very many.
One interesting finding in the Cisco study was this: “The average ratio of benefits to privacy spend was 2.7:1 (i.e., for every dollar spent on privacy, the organization received $2.70 worth of benefit). Almost half of the participants in the Study (47 per cent) are seeing greater than a two-fold return on their privacy investments.”
I repeat: spending $1 earns you $2.70. Spending an average of $1.7 million in 2019 should then yield $4.59 million. Of course, many benefits have multiple causes beyond privacy alone. Moreover, there are no direct P&L line items where you can see this returned to pocket. But good governance, a trustworthy and intentional approach towards the customer, and enhanced control over the entire personal data lifecycle are simply felt. And that’s what matters.
One colleague put it like this: What if a restaurant company spends $1 million on building insulation?
- As a result they spend 30 per cent less on heating and cooling,
- reduce employee sickness by 20 per cent,
- food spoiling by 25 per cent,
- and increase average customer stay by 20 per cent.
Another colleague highlighted an interesting piece I had not yet seen: General Manager Insight: Apply the Kano Model in a Digital Development Organisation to Meet Unspoken Needs (Gartner paywalled research). The Kano model’s axes of Implementation Level & Customer Satisfaction help attribute and assess the value of privacy without a direct cash connection.
A friend of mine likes to wear T-shirts with silly prints. One says ‘Have you hugged a Privacy Pro today?’ I’m thinking of printing new shirts too. A bit more text: Have you given them the means to do their job right? Do you see how getting privacy right simply makes you and your wallet look good? Have you upped your 2020 privacy budget and will you do the same next year?
*This article is reprinted from the Gartner Blog Network with permission.