Podcast: Play in new window | Download (Duration: 13:53 — 12.8MB)
Subscribe: Apple Podcasts | TuneIn | RSS
Privacy is a huge compliance concern, but, as demanding as it can be it’s not unique.
In this podcast compliance veteran Deborah Adleman, advises that organizations need to remember that privacy is a compliance risk like so many others. Deborah is the author of the chapter “A Data Privacy Compliance Program primer: A Snapshot of Data Privacy Regulations, Risks and Compliance Program Effectiveness Strategies” in The Complete Compliance & Ethics Manual.
Start, she recommends, by applying your existing compliance framework. Looks to see who is involved in overseeing privacy, prepare regular briefings for the board and leadership, and determine when the last privacy risk assessment took place. Given the proliferation of privacy laws – CCPA, CPRA, GPR, as well as those of Canada, Brazil and others – a risk assessment can quickly grow out of date.
Don’t stop there, she warns. Spend time with functional and business leaders to figure out what data is being processed and for what purpose. Communicate to staff on security issues, especially those working from home.
And, also, conduct a privacy impact assessment. Knowing the risks is one thing. Understanding how a failure could affect both the business and individuals impacted is another. While you are doing it, don’t stop at the doors of your organization. Look, too, at suppliers to ensure they are handling the data properly and with sufficient safeguards.
Listen in to learn more, and be sure to also check out The Complete Compliance & Ethics Manual.