A Board level presentation to proactively build a privacy dividend within your supply chain.

1. The Privacy Dividend Business case "Privacy protection is not a cost of doing business, it is part of doing business"

2. The business case Protecting personal privacy makes good business sense. It should bring real and significant benefits that far outweigh the effort privacy protection requires. The alternative, of ignoring privacy and leaving personal information inadequately protected, has significant downsides

3. Compliance Requirements

4. ROI 85% of private organisations believe that the DPA improves information management. [92% for public organisations] Annual Track 2008 – Organisations Report31, ICO Return on investment for enterprise data protection, where that has been assessed, can be as high as 4 to 1

5. Board Level Attention Create an attitude for the enterprise Create cultural leadership Drives business as usual activities Removes organisational barriers Delivers funding Ensure long term and ongoing support Google, Schmidt (CEO) says (on Data gathering and privacy), is kept in check by its customers and by the competition: And the reason that you should trust us is that if we were to violate that trust people would move immediately to someone else. We're very non-sticky so we have a very high interest in maintaining the trust of those users."

6. Benefits of Proactive Protection Organisational success Achieving business objectives Asset to organisation Efficiencies Productivity Change agility New opportunities Public awareness Reduced costs of data collection Increased accuracy of data improves reputation Services more attractive Rapid response to requests Risks Wrongly delivered services Delivery out of time Impact to strategic decisions Costs to business

7. Benefits of Proactive Protection Assets to the Individual Trust = increased profit Respect Better data collection Loyal employees Minimise privacy violation costs Assets to 3rd Parties Cost of privacy failure are substantial Competitive disadvantage Assets to society Do the right thing Compliance (costs could include loss of operating licenses) Confidence Loyalty Brand Legislations costs

8. Privacy in the supply chain Privacy should be designed into organisation system and processes Comprehensive vs. minimalist approach DPA is a minimum requirement More comprehensive the proactive approach the better market differentiation to competitors and peers Equates to efficiencies and control Reduce “whole life costs” e.g. less external audits Privacy is good information management

9. The virtuous circle in the supply chain of information assets Information assets are transacted to create a shared ownership and responsibility with the assumption that all assets are backed with relevant layers of security and privacy protection. The virtuous circle requires that all stakeholders are able to demonstrate a privacy dividend to each other on an on-going basis and build trust. What keeps this circle in check are the pressures from market forces and international legislation.

10. Protecting the supply chain of information assets IT/Helpdesk Services Systems Lifecycle Management Endpoint Protection Individual Data Server Monitoring Compliance Management Alerts Abuse/Threat Management Hardware Theft Alert Data Leakage / Loss Forensics Software Misuse/Piracy Alerts Modular Protection Prevention Services

11. The Privacy Dividend Security as an Asset not a Cost Yusuf Hassan Yusuf.hassan@cryptic.co.uk Twitter: @privacytalks http://uk.linkedin.com/in/yusufhassan Cryptic Ltd