Organizing Data Privacy within a Company

While it is almost assumed that large companies with household names will have data privacy in place, did you know that it is equally important for smaller companies to also have things like IT governance, data privacy, and information security in place. Whereas, larger organizations likely have greater risks and thus, have more of a reason to invest in protecting the privacy of sensitive data, data breaches can happen to all. However, a quick literature search suggests that data privacy is being treated as an afterthought to security for many organizations. This is extremely problematic once you consider the rate of cloud adoption and volume of sensitive personal data companies of all sizes are adopting and using.

In many organizations, privacy may fall only within a legal department or in designated offices that focus on privacy issues and that report to a Chief Privacy Officer (“CPO”). However, other ways organizations can organize their data privacy for all levels of the organization include:

  1. Drafting, reviewing, or revising privacy related policies and privacy related procedures (e.g., having an updated privacy policy in place).
  2. Providing core privacy training to all or almost all employees, as well as specialized privacy training for employees that have contact with personal information. Make sure that training if updated and offered periodically.
  3. Responding to privacy related complaints or questions in a manner that fit’s with the organization’s privacy policies and in accordance to legislation.
  4. Conducting a data inventory or a data map.
  5. Continuously working with developers, designers, or marketers to design privacy protections into new products, services, or promotions
  6. Consumer product executives should consider viewing data privacy and security not just as a risk management issue, but as a potential source of competitive advantage

The risk is growing. Data privacy is becoming ever more important to businesses of all sizes. While it may seem daunting and fears of a data breach may be increasing, there is an upside.

Having executive data privacy policies in place help to build consumer trust. This is very important considering the strong connection between consumers’ perceptions of data privacy and security practices and profitable success of organizations.

The Office of the Privacy Commissioner of Canada offers a ‘Privacy Toolkit for Businesses’. To learn more, visit:

https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/guide_org/

 

Leave a Reply

Your email address will not be published. Required fields are marked *