Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance
In May of 2020 I was honored to speak at the MERv conference with John Frost of Box on the topic of Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance. Below are some excerpts from my transcribed remarks.
ON KEY PRIVACY ISSUES TODAY…
What’s important to remember here, overall, is that making your privacy plan a key component in your compliance program isn’t just helpful. These days it’s really a strategic imperative. That’s not only because it’s a hot topic or because it’s a growing regulatory requirement, but because it naturally enhances the way our organizations, and specifically our compliance and infosec groups, treat and value ALL of the data they’re responsible for testing and for securing. In validating and protecting PII, we’re actually adding a layer of assurance that improves both internal operations and the customer experience.
Privacy makes data governance ethical and tangible, and compliance leaders understand that. Today, what we’re going to walk you through is what that awareness and proactive approach look like through the eyes of project leaders during three stages of compliance: prevention, maintenance, and retrospective.
I just want to point out that privacy, conceptually, is, of course, ancient really. People tend to forget that. I mean it has been written into legal codes even before the constitution, and as a Records and Information Governance community we’ve been dealing with it, from HIPAA to SOX, in one form or another. What’s different today, at least in the business world, is that the thresholds that trigger compliance these days aren’t industry-specific. Instead, they’re related to annual revenue and the number of data subjects you interact with, so that’s why we see a broader cut of industries being looped into these new demands of GDPR and the CCPA.
ON UNDERSTANDING TODAY’S REGULATORY COMPLEXITIES…
Privacy leaders have been asked about the volatile regulatory environment, and a clear majority of privacy leaders rank keeping pace with the new regulatory landscape as a pretty important factor in their strategy… Research also shows that a minority are not confident that they have a framework for helping them adjust to that change. So, that’s what we’re aiming to address here today in terms of strengthening that IG program so that it helps buttress or even drive your privacy goals.
[Another] insight we’re sharing with you involves metrics. And we all know metrics are the heart and soul of compliance to a large degree. And we see that finding those metrics to measure their programs is somewhat lacking for the majority of those surveyed. And that results in the majority of leaders being unable to effectively report on their program outcomes.