Getting Prepared for a Decade of Privacy
As we get settled into the reality of living with both CCPA and GDPR, companies are looking for new approaches for keeping their privacy houses in order. CCPA reminds us that there is no end to new legislation: proposals are already coming in from states as varied as Nebraska, New Hampshire and Virginia. Similar legislative trends exist around the globe. How can companies be prepared to address this ever shifting legislative landscape? There are a few essential steps privacy officers can take, including (1) aligning the privacy team’s efforts with the underlying corporate mission, (2) having a clear understanding of both the company’s data and its use practices, and (3) having infrastructure in place that will allow for updates to notices and rights.
Privacy teams that have aligned their efforts with the company’s underlying mission will have an easier time getting buy-in from fellow employees. They will likely also find leadership support much easier. Those who have a clear understanding of their data assets and use practices will find making updates to notices -to the extent legal notice requirements change- a much more achievable exercise. Finally, given all the changes to privacy laws that are being contemplated by states and around the globe, having mechanisms in place to implement new practices will prove crucial.
Putting it Into Practice: If past history is any indication, privacy laws and enforcement priorities will be shifting over the coming decade. Privacy teams may want to take a different approach to prepare for change.