Case Study

Privacy Culture and Change Transformation

A leading provider of Compliance Management Programs to State and Local Governments. They combine consulting, technology and outsourcing services to cover the end-to-end management of compliance programs.

The Challenge

Faced with contractual penalties resulting from a number of privacy breaches, this organisation was keen to change its culture to ensure compliance with upcoming changes in legislation. With no processes in place to manage privacy issues, and a culture that lacked awareness, there was a requirement for improvement across the three pillars of people, process and systems.


Deploying Change Champions to Achieve Privacy Compliance


Working collaboratively with the Executive Team, we appointed a number of key individuals across the organization as Change Champions. We created awareness of the issue and built a compelling narrative that was repeated in all communications and meetings. The message was further enhanced through multiple workshops and by inviting the Deputy Privacy Commissioner to present at a company-wide forum. To ensure that Privacy was always front of mind, posters, stationery and mouse-pads were distributed across the organization and all managers had to incorporate a “Privacy Moment” in meeting agendas. In parallel, a robust process with a triage function was built to ensure early identification, prioritization and management of any privacy breaches. We identified key metrics and developed dashboards to track progress and then trained the business units on how to. Regular feedback was provided to all teams and iterative improvements designed. These learnings were shared through “brown bag” lunch workshops and posted on an intranet site. Continuous Improvement discussions became part of the standard team meeting agenda.


After a period of 6 months, Privacy was very much part of the way things were done in this organization, was talked about and understood by all employees, and potential breaches were identified before they occurred.

Key Lessons

Privacy compliance is a difficult topic to gain buy-in and support from employees. The Deputy Privacy Commissioner was able to provide real-life examples where privacy breaches had personally impacted individuals. At this point, we were able to reach the hearts and minds of the employees. Once this had been achieved, ongoing reinforcement via meetings, comms, posters etc, provided the reinforcement necessary to ensure continued focus.

Internal Privacy Advocates


Cost avoidance achieved


Broken Stressballs


Further Reading

Salesforce Program Management

Content Management Upgrade

Agility Acceleration Program