Maria D’Avanzo, Traliant Chief Evangelist Officer, attorney and former Chief Ethics and Compliance Officer, recently shared advice on how legal, compliance and HR professionals can take steps to build an effective privacy program that safeguards customers’ trust and loyalty, complies with disparate privacy laws, and meets the expectations of regulator, customers and employees.

Below are some of the questions Maria covered during the webinar. 

How can an organization ensure its privacy program adequately protects the privacy rights of employees and consumers?  

First, you need to be aware of the kinds of data your company possesses. Do you have Personally Identifiable Information (PII), financial information or healthcare data? 

Second, you should understand the laws applicable to your organization, such as General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and the potential data risks it faces. Put in place a program that meets or exceeds the most restrictive regulations and then create a privacy program that rises to that level.   

Third, ensure employees are educated on your company’s data privacy requirements and their individual responsibility to safeguard sensitive information from unauthorized or accidental disclosure and cybersecurity breaches. This should include ongoing data privacy and information security training. 

Lastly, communicate regularly on data privacy and information security to reinforce employee awareness. Have your Chief Information Security Officer periodically send emails to employees reminding them how to recognize phishing attempts. Follow up by conducting internal exercises to test whether employees will click on a phishing link. If someone does, have them take additional training.  

How can organizations ensure third-party service providers handling employee and consumer data comply with privacy regulations and maintain adequate data protection measures? 

Third parties can pose a data privacy and information security risk to your organization. It’s crucial your service providers understand your company’s privacy program and requirements and that you’re doing your due diligence and periodically auditing them to confirm they are compliant and not putting your customers, employees and shareholders at risk.  

Taking these steps can’t insure against something going wrong, but they can partially protect your organization from liability should a data exposure incident occur. If you haven’t been looking at your third party programs, reading their policies and procedures, asking questions and don’t know if they are doing data privacy and information security training, you’re going to have to deal with the fact that you’re at greater liability if something goes awry because you didn’t not fulfill your data privacy obligations to stakeholders. 

How do I know if my company needs a privacy program or strengthen the one it has? 

First, assess your situation. Answering “yes” to these questions suggests there is a need: 

  • Do we lack confidence that we are identifying and mitigating all the privacy risks that apply to our organization?
  • Do our main stakeholders (e.g., regulators, employees, customers, third parties) expect us to have a formal enterprise-wide privacy program?
  • Are there opportunities to reduce duplicative efforts or make our privacy policies more consistent throughout the organization?
  • Would we benefit from having one or more subject matter experts to consult with on new projects?
  • Do our employees or customers ask for more information or documentation about our privacy related efforts?

Next, take action by: 

  • Identifying an executive sponsor
  • Selecting a leader for the privacy program
  • Set a budget
  • Coordinate with key stakeholders
  • Make the business case for privacy as a key risk

Traliant On-Demand Webinar

Click here to listen to the complete on-demand replay of Traliant’s webinar Creating a Privacy Program: Steps Legal, Compliance & HR Pros Can Take to Effectively Manage Consumer and Employee Information. 

Traliant Privacy Report

Click here to download our newly published report “Staying Compliant in the Face of Disparate Privacy Laws” on how to implement a privacy program across your organization’s geographic footprint to meet the growing regulatory patchwork of privacy laws.