L-R: Kelvin Coleman, executive director with NCSA, Kalinda Raina, head of global policy with LinkedIn and Karen Zacharia, chief privacy officer with Verizon at LinkedIn's headquarters, in San Francisco. Photo: Caroline Spiezio/ALM.

Executives from Microsoft Corp., Verizon Wireless, Visa Inc. and others gathered at LinkedIn's San Francisco headquarters Monday for a series of panels on data privacy.

As part of Data Privacy Day, chief privacy officers discussed their companies' struggles and successes in a changing regulatory landscape. They also shared their observations and advice on developing a strong data privacy program. Here's a roundup of their tips for in-house counsel.

1. Implement privacy by design

Including privacy concepts at a project's beginning can help prevent last-minute security issues that delay or shut down launches, panelists said.

"Thinking about what you're doing with data from the first time you're collecting it, to how you're designing a product to the user interface, so that what data you're collecting and how you're using it is made as transparent as possible," said John Gevertz, the chief privacy officer of Visa.

2. Send the message from the top down

Company leaders should set the tone for privacy and ensure the concept of privacy by design is spread to all layers of an organization.

"You really need to start at the top and have that come down, because that is where priorities get set," said Brendon Lynch, Microsoft's chief privacy officer. "For example … we have a regular meeting with the CEO and the leadership team to report where we're going, how on track we are, where we need additional resources, that kind of thing. And that permeates right through the organization. People know privacy is a priority."

3. Make data privacy information accessible

Privacy counsel should keep data policies transparent, allowing users to know what data is being collected and how it's being used. But it's also important to keep the message as simple and short as possible, so people read and understand the whole thing, Verizon chief privacy officer Karen Zacharia said.

"I often say that one of the hardest things that we do is say something doesn't have to go in a notice. And that's not because I'm saying we should hide something. It's perhaps because it's so obvious that we shouldn't be clogging up, putting additional words into the notice about something that consumers really understand," Zacharia said. "Or perhaps it's less important than the really big thing we think is most important to consumers. Getting that balance right really is a challenge for all of us."

4. Include non-lawyers in the process

Many privacy teams are led by lawyers, but Kalinda Raina, the head of global privacy at LinkedIn, said it's important to get input from other team members as well.

"I have a lot of folks on my team who are not lawyers. We work with our communications team, our design team. Because sometimes you have to get the lawyers out of the way, because we say a little too much that is hard to follow," Raina said. "So sometimes we work with other members of the team to figure out, 'How do we say this in a way people will engage with and understand?'"

5. Build trust with consumers 

Stronger privacy regulations could help consumers trust new technology more, according to Lynch.

"Advocate for strong rules to be in place … a regulatory floor, whether it's baseline privacy legislation or regulating the misuses of facial recognition, that type of thing could actually be beneficial into building trust into the broad ecosystem and enabling people to embark on using these technologies," Lynch said.

Read More:

Google's GDPR Fine Is a Warning for Tech Company GCs: Double Check Data Consent Policies

Intel Publishes a Proposed Bill on Data Privacy