The Intersection of Privacy and Public Relations

posted by Boyd Neil

(By Emily Crane, a senior account executive in Hill & Knowlton’s Washington, D.C. office)

Traditionally, corporate responsibility refers to the various ways a company protects its stakeholders’ best interests. When consumers and stakeholders consider CR, they often think about the environment, a company’s spirit of volunteerism and how that company gives back to its community. An overlooked aspect of corporate responsibility is privacy. With reports of information leaks, lost laptops and hacked credit card files coming to light almost daily, it is evident that companies must be as responsible for protecting the personal information of their consumers, employees and stakeholders as they are for making sure they are energy efficient.
This post is not about privacy and information security policies and procedures. On a day-to-day basis, I see most corporations striving to put top-notch security and privacy practices in place. No corporation wants to damage its reputation and end up under a microscope. You can learn more about various thought leaders in privacy and their practices by visiting the International Association of Privacy Professionals.
But there are some interesting questions about privacy that public relations professionals should start thinking about. Should we be recommending to our clients that they consider positioning themselves as thought leaders in privacy? By doing so, however, would they open themselves up to greater scrutiny and legal vulnerability? How do companies determine if they should be ambassadors of their privacy and information security practices? While companies want to protect employee, customer and business information, does going out in-front of the crowd and talking about those policies and procedures open them up to greater liability if something should go wrong in the future?  And is there an obligation to share and promote best practices in the area of privacy and information protection?
I can see it from both points of view. From a legal standpoint, I understand how companies would be concerned that discussing their policies might make them vulnerable legally. What if a company’s talk on privacy procedures leads consumers to assume their information is “guaranteed” to be protected? But, I believe companies who strive to be responsible owe their stakeholders a better explanation then “they don’t want to talk about it.” I’m not saying companies should throw all legal concerns to the wind when talking about information security, but I do believe that corporate responsibility does not end with doing well.
It is just as important that a company is responsible with its information policies as it is that the company makes sure people know how responsible it is. That type of thought leadership drives improvements, innovation and the conversation around privacy and information security. I think we need to give more credit to consumers and employees—and assume they understand the difference between talking about precautionary measures and legal obligation.

Share and Enjoy:
  • Facebook
  • Twitter
  • PDF
  • LinkedIn
  • Print
  • email
  • Digg
  • Add to favorites
  • Google Bookmarks
  • Netvibes
  • NewsVine
  • Posterous
  • Reddit
  • StumbleUpon
  • RSS

Add a comment