As a data company, Nielsen recognizes the inherent responsibility to protect the privacy of individuals who share information with us. When we say “privacy,” we’re talking about a set of rules that relate to the collection, use and disclosure of information about people.
Members of Nielsen’s data privacy team—Ben Hayes, Chief Privacy Officer; Meredith Grauer, Deputy General Counsel, Privacy; and David Stevens, Data Protection Officer for the EU—recently sat down to discuss that responsibility, as well as what data privacy means in practice for Nielsen. The team all agreed that it’s imperative we embed responsible stewardship for our data across all teams, products and services.
“The definition of personal data and privacy laws is changing,” said Ben. “At one time, it was data that could be associated with a known individual. Now the law has evolved to see smartphones and computing devices as extensions of people. As we try to keep up with changing viewing patterns and measuring these platforms, we have to take account of this.”
By employing privacy by design principles, we’re better able to protect our data from the minute we start conceiving of an idea. We also evaluate privacy risks using a risk-based approach, with criteria for certain data considerations, such as the volume and sensitivity of data, whether access rights are limited or broad, and more.
The team also highlighted the importance of collaboration across teams. “In order for us to do our jobs, we need to partner with the businesses, with our engineers, with colleagues in legal—across Nielsen—in order to understand the business objectives so we can assess the risks and mitigate them,” said Meredith.
While privacy laws may vary country to country, they are based on a common set of fair information use principles, which our Global Privacy and Data Use Policy are also based on. To that end, we’ve created a privacy management framework that is consistent with both the underlying principles and the spirit of privacy laws around the world.
One of these is Europe’s new General Data Protection Regulation (GDPR). “The importance of GDPR is that it’s no longer a purely compliance exercise,” said David. “It’s trying to ensure accountability—not only by having a privacy team that does it all but making every employee aware of their obligations to protect personal data.”
Visit our Global Responsibility & Sustainability page on Nielsen.com, as well as our Nielsen Global Responsibility Report for more information about how our environmental, social, governance (ESG) strategy is aligned across all our business objectives.