October 3, 2022

Volume XII, Number 276


Do privacy frameworks ensure that a company is compliant with data privacy laws?

No. A privacy framework describes a set of standards or concepts around which a company bases its privacy program. Typically, a privacy framework does not attempt to include all privacy-related requirements imposed by law or account for the privacy requirements of any particular legal system or regime. As a result, a company can utilize a privacy framework to build its privacy program or audit its maturity against a privacy framework and yet not be in compliance with specific provisions of data privacy laws. This can occur because a particular privacy law contains additional proscriptive requirements that are not captured by a privacy framework. For example, compare the following provision in ISO 29100:2011 and analogous provisions in the GDPR involving the identification of a point of contact for privacy-related concerns:

A U.S. company that sells products to individuals in Europe could be compliant with the ISO 29100:2011 requirement by identifying the name of a privacy officer in the United States as a primary point of contact. While it would be complying with some GDPR requirements (i.e., Article 13(a) and/or Article 14(a)), it might not be fully compliant with the GDPR as Article 27 requires a point of contact that is physically in the European Union.

©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 165

About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig
Shareholder

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...
