Extending the value chain to incorporate privacy by design principles

Identity in the Information Society, Aug 2010

Morgan et al. (2009) examine the notion of corporate citizenship and suggest that for it to be effective companies need to minimize harm and maximize benefits through their activities and, in so doing, take account of and be responsive to a full range of stakeholders. Specifically, they call for a “next generation” approach to corporate citizenship that embeds structures, systems, processes and policies into and across the company’s value chain. We take this notion of corporate citizenship and apply it to Privacy by Design concepts in a value chain model. Privacy by Design is comprised of Seven Foundational Principles (Cavoukian 2009), and as we develop the Privacy by Design Value Chain, those principles are incorporated. First, we examine the primary activities in the value chain and consider each of these seven principles, and then we extend the analysis to the support activities. Finally, we consider privacy implications and the challenges to be faced in supply chain and federated environments. Designing privacy into the value chain model is a practical, business view of organizational and privacy issues. This puts privacy where it belongs in an organization—everywhere personal information exists. We conclude that further research is needed to consider the internal stakeholders’ communications among the various departments within an organization with the goal of better communications and shared values, and we believe the value chain approach helps to further this research agenda. Also, federated environments necessitate that organizations can “trust” their third-party providers. Research and case studies are needed regarding how these organizations can create value and competitive advantages by voluntarily providing their customers with privacy practice compliance reports. For the most part, the future is bright for the protection of personal information because solutions, not problems, are being proposed, researched, developed and implemented.

Julie Smith David, Marilyn Prosch

The Privacy by Design Research Lab, W.P. Carey School of Business, Arizona State University, Tempe, AZ, USA

Morgan et al. (2009) examine the notion of corporate citizenship and suggest that for it to be effective companies need to minimize harm and maximize benefits through their activities and, in so doing, take account of and be responsive to a full range of stakeholders. Specifically, they call for a "next generation" approach to corporate citizenship that embeds structures, systems, processes and policies into and across the company's value chain. We take this notion of corporate citizenship and apply it to Privacy by Design concepts in a value chain model. We consider the various stakeholders, both internally and externally, that potentially have any contact with personal information with the goal of better communication and designing privacy into all relevant activities. Privacy by Design is comprised of Seven Foundational Principles (Cavoukian 2009), and as we develop the Privacy by Design Value Chain, the following principles are incorporated:

First, we examine the primary activities in the value chain and consider each of these seven principles, and then we extend the analysis to the support activities. Finally, we consider privacy implications and the challenges to be faced in supply chain and federated environments.

Porter's (1985) Value Chain model has been used to analyze firm and interorganizational activities with the goal of identifying configurations that add value or help to create competitive advantage. To model the value chain, organizations can focus on their internal operations or their complete supply chain. As illustrated in Fig. 1, internal operations include primary activities that are performed to add value to their customers' experiences and support activities that can span the organization to enable the successful execution of primary activities.
Additionally, when considering supply chains and federated environments, each organization in the supply chain or federation must configure and execute its activities to best contribute to the overall system success. Initial research focused exclusively on optimizing the flow of physical goods throughout the system and has been used extensively in practice (Supply-Chain Council 2008). Relatively recent work has recognized that information asymmetries are a major cause of inefficiencies, such as the bullwhip effect (Lee et al. 1997), and the value chain concept has been extended to incorporate information and financial flows to further optimize operations (such as Patnayakuni et al. 2006). Additionally, since the internet has enabled more tightly integrated firms, research has shown that information technology has transformed the types of relationships between organizations (Porter 2001).

Unfortunately, with enhanced technologies and communication between organizations, not only are efficiencies enabled, but additional opportunities arise for inappropriate use of personal information. In response, we extend this well-known model to incorporate the Privacy by Design principles. Therefore, the next section of this paper explores the privacy risks inherent in a firm's internal activities, and then the subsequent section expands the analysis to incorporate federated communities and discusses how the privacy risks flow throughout the supply chain. We argue that privacy has been an afterthought at best in this information-based society, and we propose that Privacy by Design principles should be embedded and operationalized in value chain activities to create both value and competitive advantage.
To set the stage for the consideration of Privacy by Design concepts in today's digital business environment and federated communities, we consider the following quote by the creator of the initial value chain concepts:

"Many of the pioneers of Internet business, both dot coms and established companies, have competed in ways that violate nearly every precept of good strategy. Rather than focus on profits, they have sought to maximize revenue and market share at all costs, pursuing customers indiscriminately through discounting, giveaways, promotions, channel incentives, and heavy advertising. Rather than concentrate on delivering real value that earns an attractive price from customers, they have pursued indirect revenues from sources such as advertising and click through fees from Internet commerce partners. Rather than make trade-offs, they have rushed to offer every conceivable product, service, or type of information. Rather than tailor the value chain in a unique way, they have aped the activities of rivals. Rather than build and maintain control over proprietary assets and marketing channels, they have entered into a rash of partnerships and outsourcing relationships, further eroding their own distinctiveness. While it is true that some companies have avoided these mistakes, they are exceptions to the rule." (Porter 2001)

These t (...truncated)


This is a preview of a remote PDF: https://link.springer.com/content/pdf/10.1007%2Fs12394-010-0059-6.pdf
Article home page: https://link.springer.com/article/10.1007/s12394-010-0059-6

Julie Smith David, Marilyn Prosch. Extending the value chain to incorporate privacy by design principles, Identity in the Information Society, 2010, pp. 295-318, Volume 3, Issue 2, DOI: 10.1007/s12394-010-0059-6