How can an organization best position its privacy and security programs to be used as a competitive advantage? First, of course, you need to ensure that your privacy and security program is robust, well-tested, formally documented and meets or exceeds whatever legislation your company is subject to or regulated under.
It is also important to give your customers a point of reference about the validity of your programs so they can easily translate the value into a currency they recognize.
Further, you should take advantage of any other internal and external audits, assessments and oversights that you can reasonably share with external parties by crafting the results of these documents into something external parties can consume. It has been my experience that clients, especially their security teams, really appreciate this effort.
Another innovative way to deliver a competitive advantage today is in the realm of vendor management. This discipline is quickly becoming a high-profile topic of discussion and interest between clients, customers and their service providers. The onus is on you anyway to demonstrate oversight of your third-party service provider(s). This is where you should also have the “value add” conversation and validate why your clients placed their trust in you in the first place. It is a key selling point to use to distinguish yourself from your competitors.
Still need justification for your programs? The benefits of a competent privacy and security program are myriad and are more visible and tangible than ever. Don't just analyze what it costs to administer your programs or even what the ROI may be. The hard and soft costs associated with damage to a brand or reputation due to a breach or compromise may be incalculable, and may make it very difficult or impossible to woo back former clients who left due to the breach, or worse, woo new clients into the fold. How's that for justification?