Visa Views: How to build privacy into your business

Visa's Chief Privacy Officer offers recommendations to business owners

John Gevertz, Chief Privacy Officer, Visa

January 29, 2019, 3:02 PM Eastern Time

john-gevert-action-shot-3-800x450.gif

Consumers are taking action when it comes protecting their personal information. According to a U.S. Department of Commerce study, nearly three-quarters of Internet-using households had significant concerns about online privacy and security risks in 2017, while a third said these worries caused them to hold back from some online activities. This data is supported by a recent Pew Research Center study which found that 54 percent of Facebook users adjusted their privacy settings following the Cambridge Analytica scandal and 44 percent of users between 18 and 29 years old deleted the app.

Consumers’ intensified focus on protecting their privacy underscores the need for businesses to incorporate data privacy into the building blocks of their organization through physical, technical, organizational, and administrative safeguards.

Here are some recommended principles that businesses can use to improve their privacy practices:

  • Be clear about the data you are collecting and why. Consumers don’t want to be surprised by the way you user their personal information. Be transparent about the data you collect, how you use and share and the benefits.
  • When possible, provide consumer choice. Providing features like opt-ins and opt-outs and mechanisms for consumers to review, correct and delete their personal information demonstrates respect for your customers. 
  • Know the who, what, and where of your consumer data. Inventory the types of personal information you collect and store, know where you keep this information and how it is protected, and document who needs to have access to this data.
  • Don’t keep data you don’t need. Define retention periods for the data elements in your inventory. Securely dispose of data you don’t need. If you do need to keep data, consider redacting sensitive data elements to reduce the risks in the event of a breach.


Assure customers that you will protect their data. Talking about privacy isn’t enough; studies show that consumers are worried about security as well as privacy. This means that you need both to have strong security controls and to make sure your customers know about them. This will help give your customers confidence to share their personal inrormation with you.

John N. Gevertz is Chief Privacy Officer at Visa, responsible for global privacy compliance, information governance, and privacy operations management. He also chairs Visa’s Data Use Council.