We at Kuma marked the annual Data Privacy Day (Jan. 28) by recently unveiling our new, comprehensive privacy and security training programs. The “holiday” always serves as a good reminder to our clients and others that the need for data privacy extends beyond just one day — it’s every day. Our team of privacy and security experts work non-stop, 365 days a year, to create and deliver cutting-edge solutions for businesses looking to shore up their data privacy and security. Helping to lead that charge is Theodora “Theo” Wills, Kuma’s Senior Director of Privacy, who explains how Kuma believes in “The Art of Approachable Privacy.”
“The Art of Approachable Privacy is a phrase I didn’t hear until I came to Kuma, and it’s truly one of the key advantages we have because it shows how we work with clients to set up and implement privacy programs that educate and empower employees,” Theo says. “It’s about — exactly as it says — making privacy approachable and not so scary that it seems insurmountable. Once you establish that, you can get employees trained and start to give them responsibilities and really infuse privacy into your organization. That’s the big, big plus that the Kuma team offers.”
She points to Kuma’s Data Privacy Champions Program as an example of “approachable privacy.” With Privacy Champions, Kuma sets up a tiered structure to better help employees throughout an organization grasp and understand privacy needs on their level. An initial tier may be for frontline employees who require a baseline of privacy knowledge, while a second tier may represent operational managers who need more advanced and hands-on training, and a third tier of executive leaders who need to ensure that data privacy and security are understood and cascaded throughout the company.
In Matters of Data Privacy and Security, Experience Counts
Theo joined Kuma in 2020, having more than 20 years of experience in the information-privacy arena and previously serving as Chief Privacy Officer for the State of South Carolina and Deputy Director of Privacy for the U.S. Department of Defense. Her work has included establishing state and federal privacy programs from the ground up, and she has specialty expertise in healthcare privacy for both public and private sectors.
Theo earned a bachelor’s degree in management from Clemson University and a master’s degree in health administration from the Medical College of Virginia. She has CIPM, CIPP/G, and CIPP/US certifications and is a recognized Fellow of Information Privacy from the International Association of Privacy Professionals. Additionally, she is a certified health coach and completed training as a Lay Leader for the Stanford University Chronic Disease Self-Management Program. Theo thrives on integrating people, processes, governance and technologies to create a privacy-aware business culture.
Theo notes education is a pivotal component when it comes to privacy and security. As experts in the field, Theo and the rest of the team at Kuma know that the best thing they can do for any organization is to empower its employees with the power of knowledge.
“From an educational standpoint, the privacy and security trainings that we’ve developed at Kuma do an amazing job at helping people understand what information privacy is all about,” Theo says. “The Kuma training is digestible, visually interesting and will move the chain for an organization seeking to nurture a workforce that thinks critically about privacy and security.”
Theo’s 3 main lessons on privacy and security
Theo says she often turns to three main lessons when it comes to educating and training others on data privacy and security:
-
Start with the “Why.”
Theo urges clients to wrap their heads around the why’s of information privacy: Why does this matter? Why should I be doing this? Why will this help the organization and my customers? “I like pointing staff to the foundation of informational self-determination,” Theo says. “It’s about giving the individual the right to determine when and how their information is used.”
-
People, Processes, Governance, and Technology.
With everything you establish in an organization, especially in matters of data privacy and security, it’s essential to keep those four components — people, processes, governance and technology — in mind. Adds Theo: “Every time, it has to be: Have I trained my people? Do I have the processes documented to manage this effectively? Do I have the governance structure in place that supports data-aware decision making from the top down? Am I evaluating how the organization’s technology collects, uses, shares, and stores data?”
-
Continuous Monitoring.
Privacy does not stay stagnant, ever. Companies that don’t perform some type of continuous monitoring of their systems and processes are missing the boat, Theo says. “You are not doing your organization any favors by allowing it to develop gaps in privacy and security. You must be constantly proactive and vigilant, and best-in-class training provides those assurances.”
Part of approachable privacy means being able to confidently and conversationally explain the difference between privacy and security. Simply put, she says, security is one of many tools used to protect data privacy. Privacy starts with determining whether you should be collecting the information in the first place, it then looks at the sensitivity level of the data and applicable privacy laws to protect the information whether in paper, electronic or verbal form. Security implements the measures needed to appropriately protect electronic information.
“Information security is an extremely powerful tool that we use within privacy to protect data because of the overwhelming amount of information held in electronic form,” Theo says. “Delineating that difference for clients is absolutely integral to our process, because it lays a more holistic foundation for everything our web-based trainings and other services can provide.”
Visit Kuma’s website to learn more about our services and how you can get involved.
