March 1, 2021

Volume XI, Number 60


Elements of Right-Sized Privacy Program: Customized

As mentioned in the prior post in this series, a strategically developed privacy program can help support companies in a rapidly changing legislative and enforcement environment. As part of taking a strategic approach, companies attempting to create a right-sized privacy program will want to customize their program to their company. Privacy and data security laws place bespoke obligations on companies. Privacy notices need to describe the company’s practices. Data security laws anticipate policies that are designed for the risks that the company faces.

Customizing a program does not start with taking an off-the-shelf policy or copying a competitor’s approach. Instead, privacy professionals will look at their organization’s strategic needs, and weigh those against its strengths, weaknesses, opportunities and threats. (Yes, a SWOT analysis!) From there, a company could borrow from strategic management tools and take a “scorecard” approach, along the lines developed by Robert Kaplan and David Norton. Using this approach, the privacy office can think through what personnel and infrastructure it needs to reach the strategic goals it has set out. To help underscore the need for those resources, it can then reflect on what the impact will be on its “consumers” (i.e., the internal stakeholders whom it supports). Similarly, it can reflect on how having those resources will support the company’s financial goals.

Putting it Into Practice: Change management tools can help privacy professionals customize their approach and develop a truly right-sized approach for privacy compliance. This one-sheet can help your organization think through developing a strategic privacy approach.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP. National Law Review, Volume XI, Number 27

About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335