Why is privacy important for your association?
A well crafted privacy policy goes much deeper than legal jargon. Your association’s active participation in building a privacy policy should be aimed at going beyond writing a stagnant document. Rather, the privacy policy at your association should be an ongoing process built into your operations.
Members typically expect your association to have a privacy policy. What deepens your connection with your members is their active understanding of what your association is doing to continually protect their data. In light of the politically charged conversations going on right now around data protection and privacy laws, it’s more important than ever for you to focus efforts towards improving the privacy policy, data collection and protection processes at your association. Not to mention there are great benefits to your association when you allocate the time to focus on member data, and the continual improvement of your association’s privacy policies and processes.
Maximize your current member data and improve your data collection processes
Open up discussions internally about the processes your association currently has in place around data collection, security and privacy. Identify what member data you currently have and determine how relevant the data you have is and how you can clean it up to strengthen your member database.
Strengthen your association’s value to members
In the exercise of re-writing your processes around data collection and privacy, your association will need to revisit your mission, vision and values. This will allow your association to identify unique ways around how you can further promote the value of your association to members – as a trustworthy advocate for their rights around data protection and privacy.
Open, transparent conversations with members
Open up the discussion with members around data to communicate what your association is continually doing to protect their data. Don’t discount the benefits of discussing data privacy just because it seems scary to open that can of worms. Your efforts to frequently communicate that your association is committed to protecting their right to privacy enables your team to build deeper relationships with your members.
Reduce risk and the potential of a data breach
While you can never eliminate all risk, the goal of your privacy program should be to provide reasonable assurance that you have made informed decisions related to the security and the processing of the personal information in your possession. Utilize all of the resources available to you online, including information sharing organizations such as US-CERT and ISACA. Chat with relevant stakeholders, and knowledge experts to reduce the risks your association may face around member data.
Developing a privacy program instills you are committed to continually improving your data collection and security process with a keen focus on privacy, for your member’s protection. Your association should review the personal data you store about your members and your association’s existing processes on a recurring basis. You can determine how frequently this happens – ideally on a quarterly basis. The goal of a recurring privacy and data review is to identify what member data is necessary and to dispose of what is unnecessary. Go beyond being transparent. Continually communicate to your members how your association protects their data – exceed member’s expectations, harnesses their trust in your association.
Interested in learning more about how to improve your association’s Privacy Policy?
Hosted by American Technology Services (ATS), LLC, GDPR and Privacy Policy expert William (Bill) Rankin
About
William (Bill) Rankin is the Compliance & Privacy Services Manager at American Technology Services. He has special expertise in privacy practices, GDPR, ITIL, and NIST 800-171 compliance. Bill is certified as an ITIL Expert and EU General Data Protection Regulation Practitioner. Bill and his team at American Technology Services have been working with organizations to provide advice and education on privacy, GDPR, CCPA, and to implement solutions around the people, process, and technologies necessary to work towards good data stewardship and compliance.
