Privacy as Strategy

Harvard Business Review is making a simple argument: data privacy belongs in corporate strategy, not just in the legal and information-technology stack. (hbr.org) In the May–June 2026 issue, HBR published Calvin Sprague’s article “Data Privacy Is a Growth Strategy,” built on an analysis of 360 company announcements about new or improved privacy practices across 14 years. The article says markets “consistently rewarded” firms that took privacy seriously, especially after data breaches. (hbr.org) The article also links privacy to customer behavior, using brand-level data from Osano and YouGov. Brands with strong privacy reputations saw a 12.31% increase in customer patronage, according to HBR’s summary. (hbr.org) That framing moves privacy out of the back office. HBR places it alongside governance, customer trust, and revenue growth, rather than treating it as a compliance checklist or a problem for lawyers and security teams alone. (hbr.org) The timing lines up with a broader shift in corporate practice. Cisco said in its 2024 Data Privacy Benchmark Study that 43% of organizations increased privacy spending in the prior year and 93% planned to put more resources into privacy and data governance over the next two years. (cisco.com) Cisco also reported that companies saw an average return of $160 in benefits for every $100 spent on privacy, and 80% of respondents said privacy laws had a positive impact on their organizations. In the same research, 46% said clear communication about data use was the most effective way to build customer confidence. (cisco.com) Consumers are not coming to this debate with much trust to spare. Pew Research Center reported in October 2023 that Americans are broadly concerned and feel little control over how companies and the government collect and use their data. (pewresearch.org) Trade groups that track privacy programs inside companies are also describing the work in governance terms. The International Association of Privacy Professionals said in its 2023 release on the Privacy Governance Report that privacy had become “an essential organizational and strategic function” spanning teams, responsibilities, and stakeholders. (iapp.org) Regulators have kept the pressure on. The Federal Trade Commission says it brings cases against companies that violate consumers’ privacy rights, misrepresent their data practices, or fail to secure sensitive information under Section 5 of the Federal Trade Commission Act. (ftc.gov) HBR’s argument is narrower than “spend more on privacy and growth follows.” Its subtitle adds a condition — “But only if customers know about it” — which turns privacy into a governance and disclosure question for executives, boards, and investor-facing leaders. (hbr.org) That leaves companies with a concrete test: if privacy affects trust, patronage, and market reaction, it is no longer just a policy buried in fine print. It becomes something senior management has to own, explain, and measure. (hbr.org)