June 10, 2019
Framing Data Privacy as a Business Issue
Posted by Pippa Akem
Overwhelmed with all the developments in the data privacy space? Wondering how to navigate the challenges facing your organization? Have you been assigned the privacy compliance function? Not sure what those challenges are, or which ones take priority?
First things first: take a step back and realize you’re not alone as you ponder the path forward for handling your privacy challenges. Second, there is no one solution that fits all, as no two organizations are the same. You can look at the known risks in your industry, but that doesn’t necessarily mean your organization faces those same risks. Third, understand you can’t do anything without a baseline framework, and certainly not without a basic understanding of what data privacy laws aim to accomplish.
Finally, and this is so important: you can’t do it alone. Like many life scenarios, there are always different angles or perspectives on what needs to be done, how it should be done, and what should be adjusted to achieve a particular outcome.
An approach to implementing data privacy
Here is a simplified plan to start shaping your organization’s data privacy practices:
1. Anchor your thinking by asking: Do we as an organization have a data strategy? What is it and what are the business drivers? To help answer these questions, bring together a small group of people within your organization who have privacy or data-handling functions. Talk to them about their concerns and about the current practices they see as risky and want addressed. Remember, you don’t have to assemble all the privacy and security experts in the same place. Start simple and make sure you leverage the insight from the initial information you have gathered before reaching out to other business areas. Once you complete this first step, you should have a sense of what your goals should be and how you want to reshape your organization’s privacy practices.
2. Next ask: How are we faring with our compliance obligations? Data privacy focuses on the protection and security of personal information. With the increasing complexity and sophistication of business systems and processes, and of electronic data formats, you cannot function as a business without collecting or processing personal information.
Here’s the key takeaway: You need to know how your organization manages personal data input and output, where the data is stored, who can access it, how long it is stored and how it is disposed of. Finding out should expose most of your organization’s privacy or data protection policies.
3. Create a vision statement by asking: How does the organization become the organization you want it to be? You need to know the weaknesses to know what needs to be fixed, and how to fix them.
You likely understand that your work as a privacy champion or steward is evolving. Gaining a solid understanding of the privacy principles and their drivers is a helpful way to build trust within your organization and a good confidence builder. Remember, there are many resources that can support your privacy efforts and help transform your organization’s data privacy strategy.
For more information on Armanino’s data privacy solutions, visit Risk Assurance & Advisory Privacy Services.
Prior to joining Armanino, Pippa held privacy functions at Fortune 500 companies supporting General Data Protection Regulation (GDPR) implementation and the transition to California Consumer Privacy Act (CCPA) compliance. Pippa holds the Certified in Healthcare Privacy Compliance (CHPC) designation and is a member of the Health Care Compliance Association (HCCA) and the International Association of Privacy Professionals (IAPP).