As a parent of teenagers, I’m used to having tough, sometimes even awkward, conversations about topics that are complex but important. Most parents will likely agree with me when I say those types of conversations never get easier, but over time, you tend to develop a roadmap of how to approach the subject, how to make sure you’re being clear and how to answer hard questions.
And like many parents, I quickly learned that my children have just as much to teach me as I can teach them. I’ve learned that tough conversations build trust.
I’ve applied this lesson about trust-building conversations to an extremely important aspect of my role as the chief legal officer at Foursquare: Conducting “The Privacy Talk.”
The discussion should convey an understanding of how the legislative and regulatory environment are going to affect product offerings, including what’s being done to get ahead of that change.
What exactly is The Privacy Talk?
It’s the conversation that goes beyond the written, publicly posted privacy policy and dives deep into a customer, vendor, supplier or partner’s approach to ethics. This conversation seeks to convey and align the expectations that two companies must have at the beginning of a new engagement.
RFIs may ask a lot of questions about privacy compliance, information security and data ethics. But it’s no match for asking your prospective partner to hop on a Zoom to walk you through their broader approach. Unless you hear it firsthand, it can be hard to discern whether a partner is thinking strategically about privacy, if they are truly committed to data ethics and how compliance is woven into their organization’s culture.
Of course, considering the fact that the average data breach costs a company $3.8 million, there’s a concrete financial incentive to having The Privacy Talk. About 38% of all breach costs are due to lost business, including the loss of new business due to a damaged reputation. The ripple effect of a damaged reputation goes beyond the loss of business, however, and can include loss of talent, wounded internal culture and much more.
We’ve found that these conversations are most successful when there is a leader — preferably a subject matter expert from product, policy or legal — present to walk you through the strategy.
Such a conversation should be open: You should feel comfortable asking questions, and answers should be candid. Illuminating questions could include: “Tell me how your company escalates questions around data ethics,” or “Do you think Congress is likely to pass a federal privacy law before the midterms?”
The discussion should go beyond talking points and convey an understanding of how the legislative and regulatory environment are going to affect product offerings, including what’s being done to get ahead of that change.
Who should have The Privacy Talk with their partners?
Ideally, legal leaders at every company, whether it’s a venture-backed startup or Fortune 50 corporation, should be having these types of conversations. Do you work with a cloud storage provider? Are there partners who provide SDKs for your app? Do you engage in digital advertising? Do you operate a website? If so, then there’s at least one partner you need to have The Privacy Talk with.
Ultimately, your corporate reputation is linked with your partners’. No matter if your partner or vendor is running analytics for you, or you have their SDK integrated in your app — that company and the commitments they keep (or don’t) will impact your company’s reputation.
Most coverage of data breaches doesn’t fail to mention all the partners who might be affected by a company that’s been hacked. If the privacy practices of your partners are questionable or insufficient, and they find themselves at the center of a scandal, your company may be dragged down, too. In an era where trust is becoming critical, you must zealously protect your brand. Reputation management is an active, not passive, effort.
I’ve been a lawyer for a long time and have worked in-house for more than two decades, so I know that lawyers, by nature, seek certainty in mitigating risk. And where certainty cannot be found, contractual assurances can be. I’ve negotiated more than my fair share of indemnity clauses and limits of liability. Experience has also taught me that the contract will do little to rebuild what is lost when your company’s reputation is sullied by a disreputable partner.
Some hard-earned lessons are eternal. We learned from our parents that little is more important than the company we keep. More recently, I’ve been reminded that the conversations that start awkwardly may dig a little deeper than folks find comfortable — these are the talks that get at what really matters and truly build trust.
If you haven’t yet, have The Privacy Talk. My own kids taught me as much.