
Rethinking Privacy Metrics: Aligning with Business Strategy

by Lauren Reid

I recently participated in a conference panel called Show Me the Money: Prove Privacy’s ROI with the Metrics That Really Matter, along with Ron De Jesus of Transcend, Aaron Weller of HP, and Avishai Ostrin of TrustIZ. It was perhaps the most engaging panel I’ve been part of in recent memory, largely due to our commitment to practicality: no platitudes allowed!

Here are my blunt and specific statements, backed up by real-world examples, and as always, related to The Privacy Pro mantra: business should drive privacy, not the other way around.

1. It’s not about you!

As privacy professionals, we often fall into the trap of trying to prove our worth through metrics that, frankly, no one else cares about. We’ve all seen those reports:

  • Number of PIAs completed (to be blunt, this is the worst privacy metric)
  • Time to complete PIAs (slightly better, but still missing the point)

During our session, a quick survey confirmed our suspicion: these metrics don’t resonate with the broader organization. They often stem from a place of insecurity, a fear that others don’t value our role.

Instead of focusing on self-serving metrics, we need to demonstrate how we’re moving the needle on business strategy. And here’s the kicker: you don’t decide if you’re adding business value, the business does! How do you find out? Ask.

In The Privacy Roadmap™ engagements, we start by asking the business team, “Are there things you want to do but can’t because privacy is holding you back?” This approach often reveals inefficiencies or misconceptions that we can quickly address, demonstrating real value and partnership.

For instance, we once discovered that a team wasn’t using a valuable marketing tool because an outdated policy mandated data storage in Canada. By investing in the right mechanisms for lawful and safe cross-border data transfers, the privacy team proved that they could be a valuable partner, not a barrier.

2. You have to spend money to make money.

Privacy isn’t just about managing risk; it’s about enabling business growth.

For our B2B SaaS clients, we often create sales enablement tools. These include FAQs, checklists, and multiple versions of documents aligned to different frameworks (NIST, ISO, CSA).

These sales materials are not regulatory requirements in any jurisdiction, and they don’t directly reduce risk. They’re time-consuming and expensive to produce. Making public commitments means they require extensive review from legal, communications, and marketing teams. You also need to train your sales team on how to present them and answer questions, and ensure you can deliver on all the commitments you make. That’s the “I” (Investment) in ROI.

The “R” (Return) is what you get in exchange – for example, a shorter sales cycle and more deals closed. This has true strategic business value.

If you’re in a corporate or back-office role, you’re likely concentrating on avoiding risk and reducing costs. Here’s a crucial point: Don’t assume that these priorities matter to other stakeholders, and don’t judge them for having different ones. We have different incentives, and when they’re aligned, you won’t have to work so hard to prove your value.

This example also demonstrates that good metrics aren’t all about counting things. Think about outcomes.


3. You don’t need another dashboard.

I said you have to spend money, not waste money.

A stroll through the Exhibit Hall at any privacy conference reveals two ubiquitous offerings: an abundance of free socks and a plethora of vendors touting ‘turnkey’ solutions guaranteed to solve all your problems. While the socks might actually prove useful, those sweeping promises never do.

Before shopping for software, figure out your business requirements. Start simple – a spreadsheet can often suffice until your needs outgrow it due to team size, activity volume, or system complexity.

If you’re using a tool that doesn’t work for you, it’s time to cut your losses. Don’t fall into the sunk cost fallacy. When I mentioned this during the panel, the vigorous nodding from the audience was nearly unanimous (and slightly concerning – I hope no one got whiplash).

Stop looking for the tool that will solve your problems for you.

