March 2, 2021

Volume XI, Number 61

Advertisement

March 02, 2021

Subscribe to Latest Legal News and Analysis

March 01, 2021

Subscribe to Latest Legal News and Analysis

Elements of Right-Sized Privacy Program: Strategic

One of the biggest difficulties companies may face for effective privacy program implementation arises if they neglect strategy and focus only on the law. Namely, developing policies and procedures that mention legal requirements, but fail to address the underlying business purpose of those policies and procedures. Certainly, compliance with the law is critical. But it is not the only part. And, importantly, since regulators expect companies to follow their policies and procedures, taking time to strategize -and address how a company will comply with its policies and procedures- is critical.

Professionals implementing a right-sized privacy program, from a strategic perspective, can take several steps:

  • First, a strategic program is one that takes into account and supports the underlying business needs. What are the goals of the organization? What is the current environment in which it is operating? What challenges does it face? What are its existing strengths? The program is then designed around that reality.

  • A strategic program is also one that is implementable, not aspirational. It is one that can be easily understood by company personnel (and thus followed), and training to adhere to the program is achievable.

  • Finally, a strategic program is one that takes into account the fact that corporate activities are ever-changing, as are privacy and data security laws. A strategic program anticipates that modifications will be needed, and is not designed with a “set it and forget it” approach.

Putting it Into Practice: Companies face ever-shifting privacy requirements. Developing a flexible, holistic and right sized privacy program can help in this rapidly-changing world. The next article in this series will look further into how a program can be customized to the company.

Advertisement
Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 26
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335
Advertisement
Advertisement