At last week’s second annual South by Southwest (“SXSW”) V2V conference, described as “an extension and re-imagining of the legendary SXSW experience with an emphasis on the creative spark that drives entrepreneurial innovation,” three days of educational programming covered various topics of relevance to the legal/privacy community, including net neutrality, data privacy, competitive design, and emerging technologies using big data.  Although geared towards startups and innovators, and in particular, taking their ideas to the next level, an entire workshop among those offered was dedicated to privacy.

The general topics of privacy and big data dominated the larger SXSW Interactive conference held this past March in Austin, TX, but the intimate setting offered by SXSW V2V allowed for a deeper dive.  Specifically, the bootcamp-style privacy workshop explored key principles and specific strategies and metrics that companies big and small can use to improve their privacy practices.  Starting from the basic premises that privacy is “far from dead” and “the right thing to do,” Privacy Identity Innovation co-founder Natalie Fonseca presented the “Lean Privacy” approach to improving data-privacy management for startups.  Lean Privacy subscribes to the theory that being a responsible data steward is good for business — “privacy is the new green.”  It is primarily intended to help entrepreneurs distinguish their products and services at conception by using privacy as a mechanism to build trust with users.  The following core principles were presented as the four main tenets of Lean Privacy:

  • Respect Matters.  Lean Privacy is about ethics.  Respect users, and “do the right thing.”
  • Personal Data Means People.  While it may be widely promoted today that “big data is the new oil,” thus making data “our competitive advantage,” personal data is still about consumers’ individual information.  Big data usually ties back to small data.  It requires empathy.
  • Users Have Expectations.  Don’t be the “Jack in the Box” who shocks users for the first time.  Avoid surprising users in negative ways.
  • Trust Is Built Over Time.  “Say what you do; do what you say.”  Trust takes time, but it can be lost in an instant.

Ms. Fonseca noted that there are big risks associated with not caring about privacy, whereas companies can find tremendous business value in demonstrating an understanding that privacy matters.  Entrepreneurs weighing considerations about whether to make privacy a primary part of their startup’s business model especially were reminded that privacy is not just the right thing to do, but it’s usually “the easy thing to do” too.  Moreover, although data is an asset, it also can become a liability.  Lean Privacy therefore helps businesses to strategically consider the risks and not just become consumed with collecting everything they possibly can.

The workshop concluded with clear steps that companies can take to improve their privacy practices.  Ms. Fonseca stressed that the one critical thing that every startup must do to begin improving privacy is to establish accountability.  To do this, she suggested empowering a “Privacy Champion” or “Privacy Master,” ideally a founder, who is responsible for thinking about the company’s data-privacy practices.  “That person doesn’t need to be a legal expert,” she said, “What matters is that the Privacy Champion have the authority and the support to be an effective advocate for building privacy into the company from the ground up.”