Organizations in all sectors need to end "the dichotomy between privacy and security" and avoid a checklist approach to privacy protection.