• United States




Top reasons CEOs should care about privacy

Jun 27, 20185 mins
IT LeadershipPrivacySecurity

Privacy protection will undoubtedly be one of the defining issues of the internet age, and it’s important for leaders and companies to take notice and actively prevent breaches and protect their customers.

board ceo executives table
Credit: Thinkstock

It’s a safe bet that few CEOs would like to go through what Mark Zuckerberg went through with regards to privacy issues. The Facebook CEO has been under fire for allegations that his company permitted a firm attempting to manipulate the 2016 presidential campaign to access the personal data of 50 million members. While only a handful of companies gather data in the volume that Facebook does, the issues of customer privacy that the case raises are relevant to CEOs in many other industries.

Privacy protection will undoubtedly be one of the defining issues of the internet age, and many companies outside of the technology sphere are taking notice. Imagine that your bank inadvertently divulges the ways you and your company spend their money. Or a drugstore discloses information about your family’s medications. Or an insurance agency releases your driving records. These days, there seems to be no end to the ways in which malicious actors can cause embarrassment or harm with personal information.

With that in mind, here are a few reasons all C-level execs, but particularly CEOs, should take the privacy and security of its customers seriously and of the highest priority.

Honoring customer privacy and security

A company’s customers are the most important aspect of any business. The product or service you render as a company is done for the customer, so ensuring their privacy and security needs to be a part of your mission. Should a breach occur, the lasting negative impact on your brand credibility and trust typically outweighs the additional costs associated with building security and privacy into your product or service. As the leader, setting the tone for how your company views the importance of security is one of the most important things you can do. CEOs set the bar for the entire organization. Embed the privacy and security of your customers within the nucleus of your company and its products. Why? Because no matter the type of business you’re in, if you collect any data on your customer, you instantly become a fiduciary of that information. There is a duty and responsibility to protect and safeguard that information.

Brand trust

The good news is that the stock market thrashing that victims of privacy breaches often suffer is usually a short-term phenomenon. The bad news is that your customers’ trust and loyalty may have been irreparably damaged.

IBM’s recent Future of Identity Study found that more than 20 percent of consumers (and 25 percent of millennials) would stop using a service following a data breach. A survey by data protection firm Gemalto was even more alarming. The survey reported that 70 percent of consumers said they would stop doing business with a company that suffered a data breach, and that 93 percent would consider legal action if they were affected. Competitors will make sure customers don’t quickly forget your company’s missteps, and search engine memories last for years.

New regulations such as GDPR narrow the window of time that companies have to report compromises and strengthen public disclosure requirements. Hunkering down and hoping nobody notices a misstep is no longer an option. A company’s failure to protect sensitive personal information becomes a matter of public record, along with all of the consequences outlined above.

Following the law

Equifax has been hit by dozens of individual class-action lawsuits, including a rare national class-action lawsuit comprised of complaints from all 50 states. The company will be in litigation for years, and the costs will be in the millions. While Equifax may be an extreme example, the ease with which compromised customers can now pursue litigation can create a nightmare for companies, even those that are the victim of a minor breach. There’s now even a chatbot service that helps you sue anyone.

Regulatory penalties are another landmine. The General Data Protection Regulation in Europe (GDPR), which went into effect in May, imposes penalties of up to 4 percent of a company’s total revenue for each privacy violation. What this means is that even a modest breach could spell bankruptcy for the compromised company. Similarly, the Canadian government is considering amendments to its privacy regulations that would give individuals greater control over the disclosure of personal information online. The legal costs of fighting prosecution are substantial, not to mention the distraction penalty on senior executives.


Customers and investors want ownership after a security breach, and the CEO is often the one people look to for answers. Equifax did a thorough evaluation of its leaders last year following a breach that compromised the data of 143 million Americans. The chief executive of TalkTalk resigned after a 2015 cyberattack compromised the personal information of more than 150,000 customers and knocked the stock price down by 30 percent. As we all know, the CEO sets the tone for company priorities so when things fail or go wrong we must take responsibility.

In sum, between increased regulation and news coverage there is sufficient evidence of growing concern by consumers over the safety of their personal information, it’s clear that privacy protection is becoming an organizational mandate. As the person leading the ship, the CEO should be particularly vigilant and proactive in ensuring their business is protected and prepared should a breach occur. CEOs should mandate processes with its design and technology teams to confirm that controls and systems are in place to safeguard customer information at every level of the organization and within its products and service offerings.


Darren Guccione is the CEO and co-founder of Keeper Security, the world’s most popular password manager and secure digital vault. Keeper is the first and only password management application to be preloaded with mobile operators and device manufacturers including, AT&T, Orange, America Movil and HTC. Keeper has millions of consumer customers and the business solution protects thousands of organizations worldwide.

Darren is regularly featured as a cyber-security expert in major media outlets including CBS Evening News, Fox & Friends, USA Today, ABC and Mashable. Darren was a panelist at FamilyTech Summit at CES 2017 and keynote speaker at Techweek Chicago 2015. In 2014, Keeper won the Chicago Innovation Awards and in 2016 won the Global Telecoms Business Awards with Orange for Consumer Service Innovation. Darren was recently named in the Chicago Top Tech 50 by Crain’s Chicago Business.

He started the company with extensive experience in product design, engineering and development. At Keeper, Darren leads product vision, global strategy, customer experience and business development.

Prior to Keeper, Darren served as an advisor to JiWire, now called NinthDecimal. NinthDecimal is the leading media and technology service provider for the WiFi industry. He was formerly the Chief Financial Officer and a principal shareholder of Apollo Solutions, Inc., which was acquired by CNET Networks.

He holds a Masters of Science in Accountancy with Distinction from the Kellstadt School of Business at DePaul University of Chicago and a Bachelors of Science in Mechanical and Industrial Engineering from the University of Illinois at Urbana-Champaign, where he was the recipient of the Evans Scholarship and Morton Thiokol Excellence in Engineering Design Award. He was also the recipient of the Distinguished Alumnus Award presented by The Department of Industrial & Enterprise Systems Engineering. Additionally, Darren is a licensed Certified Public Accountant.

Darren is a community board member of the Chicago Entrepreneurial Center (1871) supporting the development of early stage companies and an advisor to TechStars – a Chicago-based technology incubator for innovative startups. Formerly, Darren served on the Committee of Technology Infrastructure under Mayor Richard Daley.

The opinions expressed in this blog are those of Darren Guccione and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.