Episode Show Notes: Data Privacy Accountability in Practice: A Case Study of Cisco

In this episode of the Accountability Studio, Cobun Zweifel-Keegan, Deputy Director of Privacy Initiatives at BBB National Programs moderated a conversation with President and Chief Privacy Officer at Cisco Harvey Jang and BBB National Programs Director of Global Privacy Initiatives, Josh Harris. Their focus was on how Cisco approaches data privacy, accountability, and trust. 

As a company that “has led the way on CBPR’s” and has voluntary privacy certifications at the core of its approach to data privacy, Cisco presents an interesting case study. Their privacy statement shares that they are participants in the APEC Privacy Certifications, EU Binding Corporate Rules – Controller, EU, UK and Swiss-US Privacy Shields frameworks. This, as Josh noted, demonstrates a global approach to data privacy, which Cisco has been able to develop and demonstrate across programs to receive various regulatory benefits. 

Harvey shared that Cisco’s privacy philosophy has been driven by customer demand. The easiest way for Cisco to achieve the goals of demonstrating their accountability and setting a global program to create a standard of care their customers could expect was to use the regulators. Cisco’s certification journey began with the APEC Certifications and the APEC Cross Border Privacy rules systems, which they chose partly because of its timeline and principles-based framework. At this time, they had also already signed up to Privacy Shield and Safe Harbor.

Cobun expanded the conversation with two interesting questions to Harvey regarding “why isn’t enough to just do right with your privacy practices? Why do you need that external indicator?” 

These questions led to a dialogue about how society has transitioned from an enviornment of implicit trust, to trust-but-verify, to now a zero-trust architecture that calls for organizations to need to prove they are trustworthy quickly. One of the fastest ways to do this in Cisco’s experience was to have third-party certifications and validations. 

These validations also provide comfort to consumers. In recent surveys, Cisco found that over 90% of the thousands of people surveyed globally “indicated that these external certifications matter to them.” Josh followed this statistic by emphasizing the rigor and confidence in the APEC process for the accountability agent approval under the APEC frameworks. 

The episode continued with Harvey explaining how “driving privacy as a business imperative and not just a compliance exercise changed the momentum,” for Cisco. He detailed how when they looked at their products, services, and customers requests, they found a 20-25% revenue at risk if they could not provide their audience the same information and transparency the law calls for.   

Cobun asked Josh and Harvey for their thoughts on interoperability and the future direction of privacy and certifications. They both expressed optimism regarding how the future of privacy can look. 

As the episode came to a close, Harvey addressed the importance of businesses not doing privacy “just for compliance sake,” because there is so much more than can be done. In support of that, Josh highlighted how Cisco serves as an excellent example of what businesses can do in the current enviornment and Harvey left listeners with the encouragement to think about “fairness, transparency, and accountability.” 

Listen to the full episode here.