Data privacy strategy advice from an ex-FTC regulator

Raashee Gupta Erry, an ex-Federal Trade Commission (FTC), privacy, and marketing leader explains how to use the agency’s view of privacy to improve your business.

What is a data privacy strategy?

A data privacy strategy is a comprehensive plan to protect and manage personal information. It ensures compliance with legal requirements and includes policies, procedures, and technologies to safeguard data. Some key components are data governance, risk assessment, employee training, incident response, and continuous monitoring to maintain trust and mitigate risks.

‍Read more: Data privacy program management, decision-making, and strategy

‍Data privacy strategy: an ex-FTC leader’s perspective

As someone who has spent over 20 years deeply immersed in various facets of the industry, including brand management, agency work, and ad tech, my journey has been as diverse as it has been enlightening. However, it was during my time at the Federal Trade Commission as a White House Presidential Innovation Fellow where my perspective on privacy and its intersection with business practices truly crystallized.

At the FTC, my focus was primarily on advertising practices and privacy within both, consumer protection and competition. This involved a wide array of engagements, from investigations and enforcements to policy-making, market research, workshops, and tech sprints. Each day brought new challenges and insights, making it an incredibly dynamic experience.

‍

One of the key takeaways from my time at the FTC was the agency's intense focus on the intersection of tech, consumer privacy, and antitrust issues. Consumer data lies at the heart of many of these issues, driving both competitive conduct and privacy concerns. This understanding has only grown since my time there, with recent actions from the FTC highlighting the importance of this intersection.

Raashee Gupta Erry, ex-FTC - White House Presidential Innovation Fellow

‍

The establishment of the Office of Technology within the FTC is a clear indicator of this focus. As the founding member of this office, I had the opportunity to shape its direction and objectives. The office serves as a shared resource across bureaus, enhancing the FTC's expertise in dealing with emerging technology issues.

This focus, commitment and the desire to move upstream, enables the agency to take a holistic look at a business and its practices.

Get your house in order 

‍

‍

In today's digital landscape, businesses face a dual challenge of navigating data privacy pressures and technological changes. The shift away from traditional identifiers like cookies has led to increased fragmentation and the need for alternate data sources and techniques.

To address these challenges, businesses must adopt a holistic approach that considers the ethical implications of their digital experiences, the transparency of their data practices, and the robustness of their legal and compliance frameworks.

‍

‍

To make any meaningful change, it is important to understand how consumers and regulators experience a business or brand. How they engage with or investigate. 

• From the Outside: is the digital experience ethical and fair? Is there any trickery or manipulation? Is it a never ending circular loop? 

• From the Inside: what data are you collecting? Is your consent experience informative and clear? Are you honoring consumers rights? 

• In the Hidden Corners: Are your policies up to date? Are you using any sort of trackers? Are you saying what you do and doing what you say? 

I liken this approach to preparing a house for springtime. Just as you would make the outside of your house welcoming, ensure the inside is cozy and comfortable, and check the dark corners for any issues, businesses must also address these aspects of their operations to thrive in today's environment.

The collaborative approach to privacy 

‍

‍

Building on the above, a holistic approach is required for a medium to long term success of a business. It requires involvement from all levels of the organization.

Read more: Privacy is a team sport: collaborating to get results

• C-Suite and leadership must champion ethical data use. (Empower & Enable)
  • Conduct workshops and training sessions to educate teams on the importance of data stewardship and ethical practices.
  • Develop and implement a Data Stewardship Commitment program that outlines clear guidelines and responsibilities for handling consumer data.
  • Provide ongoing support and resources for teams to implement and uphold the Data Stewardship Commitment, including access to tools and best practices.
    

• Customer experience teams must ensure transparency in design. (Ensure & Activate)
  • Perform thorough audits of websites, apps, and digital platforms to identify any dark patterns or unethical design practices. (Keep Reading: Bringing Dark Patterns to Light, FTC Report)
  • Provide recommendations and guidance on how to rectify identified issues and create fair and transparent digital experiences.
  • Develop a centralized library of fair patterns and best practices for sustainable implementation across all digital properties.
    

• Marketing and advertising functions must identify privacy-first technologies. (Identify & Implement)
  • Collaborate with businesses to assess their current tech strategies and identify areas for improvement in privacy and data management.
  • Develop transformation roadmaps, outlining steps for implementing privacy-first practices and future-proof solutions.
  • Provide ongoing support and guidance throughout the implementation process, including readiness reviews and data strategy consultations.
  • Keep Reading: Marketing Privacy Audit Guide from Uplevel

Free Download: Privacy for Marketers Guide

• Legal and privacy teams play a crucial role in ensuring compliance with regulations. (Protect & Comply)
  • Assist businesses in building and maintaining a consented audience pool, ensuring compliance with regulations such as GDPR and CCPA.
  • Conduct vendor compliance checks and risk assessments to identify potential privacy vulnerabilities and mitigate risks.
  • Provide expertise and guidance on navigating privacy regulations and establishing strong relationships with legal counterparts.

Free Download: Marketing & Privacy Collaboration Checklist from Uplevel

• Product and technology teams should prioritize privacy by design principles. (Build & Develop)some text
  • Implement The Privacy Stack, a framework for building with privacy as a default.
  • Provide training and resources to help technical teams understand and implement privacy principles and frameworks.
  • Educate business leaders on the benefits of prioritizing privacy in their infrastructure and how it aligns with their privacy objectives.
    

Read more: 5 ways to unify your legal and tech teams in the AI era

‍

‍

Getting started 

One of the ways to get started is to assess the organization's current practices. Conduct an audit or assessment of sorts.

At Uplevel, we conduct an ‘issue spotting’ discovery, which is a specialized methodology designed based on our specific experiences at the Federal Trade Commission. This uncovers areas of improvement from the vantage points of consumers, business and regulators.  

Go further: How to choose a data privacy framework for your business

‍