SCENARIO
Please use the following to answer the next question:
Amira is thrilled about the sudden expansion of NatGen. As the joint Chief Executive Officer (CEO) with her
long-time business partner Sadie, Amira has watched the company grow into a major competitor in the green
energy market. The current line of products includes wind turbines, solar energy panels, and equipment for
geothermal systems. A talented team of developers means that NatGen's line of products will only continue to
grow.
With the expansion, Amira and Sadie have received advice from new senior staff members brought on to help
manage the company's growth. One recent suggestion has been to combine the legal and security functions of
the company to ensure observance of privacy laws and the company's own privacy policy. This sounds overly
complicated to Amira, who wants departments to be able to use, collect, store, and dispose of customer data in
ways that will best suit their needs. She does not want administrative oversight and complex structuring to get
in the way of people doing innovative work.
Sadie has a similar outlook. The new Chief Information Officer (CIO) has proposed what Sadie believes is an
unnecessarily long timetable for designing a new privacy program. She has assured him that NatGen will use
the best possible equipment for electronic storage of customer and employee data. She simply needs a list of
equipment and an estimate of its cost. But the CIO insists that many issues are necessary to consider before
the company gets to that stage.
Regardless, Sadie and Amira insist on giving employees space to do their jobs. Both CEOs want to entrust the
monitoring of employee policy compliance to low-level managers. Amira and Sadie believe these managers can
adjust the company privacy policy according to what works best for their particular departments. NatGen's
CEOs know that flexible interpretations of the privacy policy in the name of promoting green energy would be
highly unlikely to raise any concerns with their customer base, as long as the data is always used in course of
normal business activities.
Perhaps what has been most perplexing to Sadie and Amira has been the CIO's recommendation to institute a
privacy compliance hotline. Sadie and Amira have relented on this point, but they hope to compromise by
allowing employees to take turns handling reports of privacy policy violations. The implementation will be easy
because the employees need no special preparation. They will simply have to document any concerns they
hear.
Sadie and Amira are aware that it will be challenging to stay true to their principles and guard against corporate
culture strangling creativity and employee morale. They hope that all senior staff will see the benefit of trying a
unique approach.
What Data Lifecycle Management (DLM) principle should the company follow if they end up allowing
departments to interpret the privacy policy differently?