As John settled into his seat on the regional train out of D.C.’s Union Station he checked off the items on his mental checklist:
- Power cord plugged into the outlet?
- S’well bottle of water within arm’s reach?
- On the Amtrak Wi-Fi?
- Files and reading materials on next seat to discourage folks boarding at later stops from sitting there?
- Jotter and pen handy?
- All set…
The next several hours would be important, as he needs to begin to outline a presentation for the board meeting coming up in three weeks. There are some significant developments that need to be communicated, but more importantly the board will be looking for actionable recommendations.
As a growth-oriented executive in a SME (small and medium-sized enterprise), John Horace is focused on driving business results and increasing the valuation of the business. He prides himself in understanding the changes in the various external factors affecting his business, including;
- Clients / Customers
- Supplier partners
- Others in his business ecosystem
While it is always tough to keep up with technology advances, and significant complexity is created when clients make technology investments at different times so his apps need to work on a range of software versions. But technology is not the external factor that has been consuming the attention of his executive team lately. Regulations. The regulatory dominoes have been falling, and the result will be changes to competitors, clients, supplier partners and how they interact with consumers. This is real, is already happening, with more coming relatively quickly.
- In late May the European Union’s General Data Protection Regulation (GDPR) went in effect.
- In late June California passed the California Consumer Privacy Act of 2018 (CCPA), to be effective on January 1, 2020.
- In response to the CCPA the speculation about potential next steps has begun, and options include other states following California with their own regulations, or perhaps a federal regulation.
John remains focused on the impacts of the regulations, rather than the regulation itself. He has been leading his executive team to anticipate their new situation through questions;
- In what ways do we expect the competitive environment to change?
- How will user and consumer expectations change?
- In what ways do we anticipate our suppliers and vendor partners will be affected?
- How will these things impact our product line, our service and support, and how we operate?
- What gaps or exposure should we plan for?
As John opened the bag of roasted almonds he had brought on the train to snack on, he noticed the nutrition label on the bag. It sparked a thought. He recalled a concept that originated at Carnegie Mellon University around ten years ago – basically a privacy nutrition label modeled after the FDA version that we know so well for food. The concept never took off for privacy, but it is a creative attempt to differentiate, and that may spark a few ideas among his team. John desperately wants to come up with something other than a boring “legalese” response.
As the train made the brief stops at various stations as they headed north his car was beginning to fill up. The seat next to him would probably not remain vacant much longer so he needed to focus on his task. John needed to come up with his major message points and recommendations for the board. He started to write notes on his jotter;
- The dominoes that are known and have fallen
- The dominoes that are not yet known and have not yet fallen
- Competitive reactions that are known and anticipated
- User and consumer expectations that are known to have changed and that are expected
- Supplier partner changes that are known and anticipated
- Threat of Opportunity?
John’s track record is to view changes in the external environment as opportunities – he has a methodology and set of tools that have served him well over the years, and he follows a fact-based approach. Regulations are difficult for him though, like uncharted territory. John is energized by growth and development, not compliance and legal. Then, he remembered something and wrote another entry on his jotter.
- Forbes article on best and worst after GDPR
John highlighted some key points in the article;
- “But some companies were more creative, indicating that the Marketing department had as much to say about privacy requirements as the Legal department.”
- “Every communication with a customer is an opportunity to create a positive customer experience. With a little effort, it is even possible to turn legal disclosures into an experience.
- Buffer (Grade: A): The social media publishing app sent an email from a real person – “Joel from Buffer” …the body of the email is informative, personal, and to the point. It uses clear language to describe Buffer’s commitment to privacy.
- Union Metrics (Grade: B+): In addition to an attention-grabbing subject line, Union Metrics also makes its email short and sweet, with conversational language that humanizes the brand. “We know you’ve gotten lots of emails like this lately,” the email starts. “Sorry to add one more to your inbox, but this is important, and we take the protection of your personal data very seriously.”
These four companies saw lemons and made lemonade. They saw the change as an opportunity to engage with users and consumers and make a statement. A statement that includes the voice of marketing as well as the obligatory voice of legal and compliance. These four companies took the opportunity to be “Privacy Strong” when their external environment changed.
John was getting increasingly energized about the board meeting. First, he needed to review one more article on his iPad. He knew it well – “Mind Storming with Brian Tracy” by Paul D. Guyon.
Mind Storming is similar in concept to brainstorming, but it can be done independently, without the need of a group. Basically, you write your goal in the form of a specific question, then mind storm until you get a minimum of twenty answers to the question. Quite often, the best answers come toward the end. Working through multiple iterations often results in some awesome options. Focus and mental discipline are required as it takes significant effort to generate at least twenty answers.
John would get the team on a call in the morning to review the mind storm concept and the specific questions. They have used this exercise in the past, but it has been awhile, so he will have to reinforce the importance of thinking deeply about a specific question, and not stopping at the easy answers on the surface. He will also remind them that once the mind begins churning on a question, answers may come to them later and seemingly out of nowhere. They need to be aware of this, so they can capture the answers when they come.
This time John will ask that they mind storm individually. He began to work on three questions;
- What can we do as a business to turn the CCPA and other likely privacy regulations into a marketplace opportunity?
- What creative approaches could the business provide to deliver a compelling but compliant user experience (UX) in how users and consumers interact with us?
- What can we do as a business to turn this regulatory obligation into a positive customer message?
As the train approached Grand Central John was very optimistic the team would generate some specific approaches to turn the regulatory reality into opportunity for the business. They will build on concepts like the privacy nutritional label and the responses to GDPR that Ticketmaster, Buffer, Podcast Movement and Union Metrics took to be “Privacy Strong” in the face of change, and they will mind storm on the specifics of their market and business. John’s final note on his jotter;
- Message point for board meeting: Impact of regulatory reality à OPPORTUNITY.
- Identify one specific change in your external business environment that may represent both potential threat and potential opportunity.
- Define a business or operational goal related to the impact of that change.
- Convert that goal into a question. Be specific and time bounded.
- Mind storm a minimum of twenty answers to that question.
- Remain open to additional answers that surface when least expected – your subconscious is mind working on the opportunity in the background.
If deep expertise on information privacy is needed please engage your regulatory and compliance teams, with specialists such as TrustArc and Daniel Solove’s TeachPrivacy as additional resources.
For more information or to start a discussion about leveraging the opportunities that come with changes in your external market please contact me. I would love to help.
Note: this is the third of a series of short business vignettes posing questions to consider regarding factors in the external environment that may affect a business. I am simply an independent business owner and business performance geek that is very curious about the intersection of regulations, risks, competition, clients and other external realities affect revenue and growth initiatives.
David J. Dillon, MBA
Certified Business Performance Coach
Certified Information Privacy Technologist (CIPT)
Certified Information Privacy Professional (CIPP/US)
Licensed Property & Casualty Insurance Agent