Consent is the “Little Black Dress” of Privacy
The Little Black Dress... every woman owns one. It’s that go-to, works-everywhere-in-any-social-setting-with-every-group-of-people piece of a woman’s wardrobe. It can be worn to an office event, a conference presentation, an awards ceremony, a girls’ night out, a romantic evening, a funeral, a wedding, and just about everything in between. Every woman knows it’s wise to have one in her closet, and to keep it fresh and ready to wear by keeping it dry cleaned or splurging on a new one from this season’s collection.
Audrey Hepburn iconized the LBD with pearls and diamonds, but just about any jewelry will do. It can be dressed up or down depending on what you wear it with or how you style your hair. While the LBD is itself the fashion staple, it’s the styling and accessorizing that pulls together the final look to perfectly suit any and every occasion.
Just as the LBD could be considered an anchor of a woman’s closet – if not of the women’s fashion world in general – consent could be argued to be the LBD of the privacy world. Every organization collecting personal information needs consent to do it. It’s the baseline authority mechanism for collecting, processing, storing and transferring that personal information. Consent is needed by government agencies, financial services companies, healthcare organizations, cloud communication providers, ride share platforms, online retailers, and everything in between.
The LBD that gets trotted out to parties and the conference circuit needs to be taken to a good dry cleaner on a consistent basis. Similarly, organizational consent terms should be reviewed and revised regularly and, occasionally, completely overhauled. Organizations can choose to keep their consent language and terms fairly basic based on their risk landscape and legislative requirements, or take the opportunity to build procedures and practices that operationalize consent terms in alignment with contemporary industry best practices for notifying consumers, patients, or workforce members about the collection, processing, and transfer of their personal information.
Just as different events and outings call for different types of accessories or styling to accompany the LBD, different collection scenarios may warrant different privacy practices and controls. File integrity monitoring may be utilized to detect fraud. Encryption strength may be changed based on the risk profile of organizations or on industry requirements. Masking of personal information may be used to obscure the values in fields displayed on webpages. Notifications of increasingly restrictive permissible usage of collected personal information may be posted or e-mailed. Associated regulatory statutes may be provided and require acknowledgement at the time of consent collection.
The options for pairing and augmenting consent mechanisms with different administrative and technical privacy controls can be as varied as the ways to style the iconic little black dress. However you dress it up, consent is never going out of style.