Nobody can know everything. In the business world, CEOs and other executives focus on the big picture: where the company is going and why. However, that focus often means they’re insulated from the day-to-day, front-line details.

Sometimes those details are the tip of an iceberg that can make or break the company. Employees and outside consultants may see an urgent threat while the C-suite is looking in another direction.

Such is the case with digital policies. You’ve seen the evidence. You’ve read the case studies. You’re keeping up with regulatory initiatives taking place all around the globe, such as accessibility or data export. You know that your company’s leaders would take it seriously if you could help them see digital the way you see it — but how do you do that?

As the old saying goes, there is strength in numbers. Band together with other front-line employees like you in different functional areas. By building your individual expertise into a solid consensus in support of robust digital policies, you’ll be taken much more seriously than if you try to do it one at a time. So let’s fill up your team roster by looking at several functional areas and what insights experts in those areas can contribute.

Build Your Digital Policy Dream Team


Marketing has found a new home online, and that makes it almost impossible to talk about marketing without also talking about data and digital policies. So it’s no surprise that front-line marketers working in the trenches every day would be the first to notice both the potential and the risks inherent in the world of digital marketing.

Customer Data

Data is the lifeblood of marketing. The more you know about your customers, their behavior, their shopping habits, etc., the more accurately you can craft your messages. And because everybody is excited about the potential of big data, marketers frequently adopt a “more is better” approach to data collection. Which makes it that much harder to be the lone voice in the corner, asking, “But what about …”

That’s because, while data can be a liability, it’s also a huge asset. The key is to find the balance.

What they want the C-suite to know about customer data: “Instead of collecting and storing as much data as we can, we should do a risk/benefit analysis and keep only data that has a value that outweighs the additional exposure.”

Brand Integrity

In 2016, businesses spent almost $600 billion on brand activation (the coordination of a brand’s messaging across multiple channels and platforms). That kind of spending makes it a lot easier to understand why marketers can be so picky about things like colors, fonts, wording and more.

What they want the C-suite to know about brand integrity: “We spent too much money on our branding to have it undermined every time an employee chooses their own colors, fonts, etc.”

Social Media

The average business spends between $4000 and $7000 per month on social media marketing. That’s because social media has proven its value as a channel for engaging customers. But mistakes happen, and many businesses have discovered to their sorrow that the wrong message can spread even more quickly than the right one.

What they want the C-suite to know about social media: “It’s very easy to make mistakes on social media, and those mistakes are out there forever.”

User-Generated Content

More and more companies are waking up to the notion that user-generated content is a high-impact, low-cost marketing resource. When it’s unmonitored, however, it also presents some risk.

What they want the C-suite to know about user-generated content: “User-generated content can be a great resource, but we don’t want to open the gates for content that reflects poorly on us and/or could hurt us financially.”


For many people, IT is a lot like a magic trick: everyone sees the final result but no one has any idea how it happened. Even the most capable users can be largely unaware of what goes on behind the scenes. And that means they don’t know which questions to ask. That makes it even more important for the employees in the trenches to raise the red flags they see. Examples include:

Development and Publishing Methodologies

This is where the magic happens — where the back-end processes that users rarely think of are critical to making sure things run smoothly. IT’s role in vendor procurement standards, for example, ensures the right APIs are in place to allow add-on products like CRM to integrate with existing systems. IT should also be highly involved in vetting third-party vendors (SaaS, cloud systems, etc.) and anyone else who has access to company systems.

Developers are also the ones who define how the company will execute the publishing standards defined by other functional areas. If Marketing specifies that the company logo will always use a certain font and color, the developers will determine how to make sure the logo renders correctly on viewers’ screens.

What they want the C-suite to know about development and publishing methodologies: “While outsourcing can be a great way to supplement IT resources and leverage specific skill sets, there’s always a risk of redundancy, incompatibility and threat vulnerability. Consulting IT before you enter into a contract with a third-party vendor can save both time and money. And if you've identified other standards to be implemented, you have to let IT know.”

Networks and Infrastructure

The bigger and more complex an organization gets, the more critical it becomes to make sure networks and infrastructure are sufficient, reliable and secure. Regularly scheduled testing — such as load testing to make sure the network is sufficient for handling the workload — is essential.

Learning Opportunities

Another essential step is to have disaster recovery plans in place, including a “Plan B” to fall back on in case the first-tier disaster recovery procedures fail. That often includes having duplicate systems in another location because, as many organizations have discovered during hurricanes and other natural disasters, backup systems are useless if they’re underwater, without power, etc.

What they want the C-suite to know about networks and infrastructure: “Investing in networks and infrastructure shouldn’t be viewed as a cost. They’re a foundational part of business continuity.”


All it takes is a quick glance at the headlines to understand how vulnerable our data is. The irony of the most recent attack — the Equifax breach affecting more than 143 million consumers — reminds us that even organizations directly involved in the protection of personal data aren’t invulnerable. What makes the Equifax breach even more disturbing is that they knew about the vulnerability, but the procedure they had in place for patching such vulnerabilities didn’t work.

While digital threats almost certainly keep a lot of CIOs up at night, those CIOs aren’t in the trenches fighting off invaders every day. That kind of expertise resides with the people who spend every day plugging holes in the company’s defenses. They know better than anyone else the kind of threats they fend off, where the company’s network is vulnerable, and what it will take to fix it. They’re also the ones best able to bridge that gap between theory and reality.

What they want the C-suite to know about security: “Data security is about more than passwords and firewalls. It covers everything from securing each touchpoint where data changes hands to controlling who has physical access to our servers.”


As the complexity of a global market increases, so do regulations designed to contain that complexity. The Washington Times reported that, in 2016, the costs of meeting federal regulations — federal, not global — topped $1.9 trillion. Add in international regulations like the Payment Card Industry Data Security Standards (PCI-DSS) and laws like the European Union’s General Data Protection Regulation (GDPR), and it becomes obvious that the folks who pore through all of that legalese every day bear a huge responsibility for the company’s well-being.

What they want the C-suite to know about compliance: “Big regulations don’t always make big headlines. Little details you’ve never heard of, such as which country our servers are located in, can cause major disruption as LinkedIn found when it was banned in Russia because its laws mandate Russian citizen’s data can only be stored on servers within Russian borders. And Facebook may soon be facing similar challenges. When it comes to regulation, details matter.”

Make Your Case

Once you’ve gathered input from your colleagues on the front line of the digital frontier, it’s time to use their insights to construct a compelling argument for making digital policies a priority in your company.

Create supporting documents:

  • An in-depth report that clearly states this has been a collaborative project crossing multiple functional areas. Present a cost/benefits analysis of your digital footprint. Talk about opportunities, risks and ways to mitigate those risks both quantitatively and qualitatively. In addition, do your best to estimate the costs associated with developing and implementing digital policies as well as the potential costs of doing nothing. And keep your eyes open for any current headlines that illustrate the importance and relevance of your argument.
  • An executive summary should recognize most decision-makers are rushed for time and are, in all likelihood, multitasking. For this document, don’t worry about grammar or using full sentences. All you need are bullet points and facts. For example:
    • Current revenue from digital presence: $$
    • Revenue at risk from lack of digital policy: $$
    • Examples of risks with estimated impact in dollars: $$

Keep it to one page. It can be rather disheartening to distill all of your hard work down to just a few bullet points, but you need to attract your executives’ attention before you can make your case. A one-page executive summary gives your odds a real boost.

Build an Alliance

This part takes some political finesse. Don’t go straight to the C-suite, even if you have some allies there. Even if you could convince the C-suite to develop a digital policy, the implementation would be dependent on middle management, so it’s not a good idea to alienate anyone. Here are a few tips:

  • Start with your own manager. Depending on your relationship, you might want to stress that you’ve been collaborating with peers and not going around their back to other managers.
  • Request meetings with the managers of the other functional departments, and be sure to invite the person you’ve been working with.
  • As you have these conversations, make note of any objections you hear. Objections are a good thing. They give you a chance to defuse the ones that don’t matter and to address the ones that do.
  • Those meetings will give you a good feel for what your next steps should be. If most people are on board, ask for their help in pushing your proposal up the ladder. If not, ask why they’re hesitant and what it would take for them to get on board.
  • At some point, it may help to share an outsider’s perspective. Think about whether anyone else in your network (other than someone working for a competitor) has experience you could leverage. If so, try to arrange a meeting where that person can share their insights.

Plan Ahead for Next Steps

If you don’t get the buy-in you need, don’t take it personally. You’ve laid a great foundation. Keep your proposal close at hand, along with your notes describing both positive and negative feedback.

Most of all, pay attention to what’s going on in the rest of the digital world. Every data breach, every social media “oops,” and every regulatory fine that turns up in your news feed is further support for your proposal. Print them out. Bookmark them. Save them to the curation tool of your choice. The point is to be ready to act as soon as the next window of opportunity opens (which it will).

fa-solid fa-hand-paper Learn how you can join our contributor community.