Privacy Compliance Basics
5:26
Legal Disclaimer 
The information provided in this video does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. The law changes fast, so information in the video may not constitute the most up-to-date legal or other information.
Transcript

00:12
Adam Stofsky
Shannon, I'd like to ask you a practical question. How do companies, how do they handle these privacy laws internally? What do they do on a day-to-day basis to make sure they're complying with the law?


00:24

Shannon Yavorsky
Yeah. So it's really critical for companies to have a well-structured privacy program. It's really essential for organizations to manage and protect personal data effectively, while complying with data protection legislation. I can talk about some of the core features of a privacy program. Typically includes data governance, so establishing really clear policies for how personal data is processed, stored, and disposed of within the organization, defining roles and responsibilities related to privacy, and assigning a data protection officer. Second is data inventory and data mapping. So where does the data live within the organization? And maintaining an inventory of all personal data, including its sources and why it's being processed, is really helpful for companies to identify potential risks and vulnerabilities, just knowing where the data lives within the organization. And then of course, their privacy notice or privacy statement.


01:30

Shannon Yavorsky
And that is the document that communicates the organization's practices with respect to data collection and use to individuals, so to consumers or to other businesses. And it's required by law in many cases. And it's a really important statement of a company's compliance. That's the public-facing privacy notice. There may also be privacy notices for employees and applicants that the company also has to implement. A few other features of a privacy program. Data security is an obvious one, so making sure that there are good security measures in place to protect data from ransomware attackers, from cybersecurity leaks. This includes things like encryption, access controls, data minimization, and security assessments. Another piece of a privacy compliance program is data subject rights.


02:34

Shannon Yavorsky
And what I mean by that is, lots of different privacy laws offer consumer rights to individuals, so the right to access their data or for their data to be deleted. And the company needs to have in place a process for being able to respond to those requests. So what does the company do when it receives an access request? Do they know what the sort of procedure is for? Where do we look for that data? Are we responding to the individual? It's a really key feature of a privacy program. And then I think I'll talk about two more that I think of as really important parts of the program. Employee training, so making sure that employees are trained on and there's an awareness of how the organization treats privacy and what the best practices are.


03:24

Shannon Yavorsky
And I have one client that sends around on every email from the privacy office. It has a little tagline like this is what constitutes personal data. So that kind of awareness creation every day, but also for training seminars like this one, right? Making sure that people understand what the obligations are. And then the last one that I'll mention is contracting. And this is really an important one. And it's about ensuring that there are privacy and security provisions in the company's commercial contracts. So where there's data shared with a third party, certain laws have obligations with respect to what terms have to be included in the agreements. 


04:09

Shannon Yavorsky
So ensuring that the contracting process and even the whole lifecycle of the contracting process, from pre-engagement diligence, so that's things like understanding what this counterparty's security posture looks like, all the way through to negotiating the privacy and security terms and then auditing it or monitoring it on an ongoing basis. So those are what I think of as some of the core features of a good privacy program.


04:39

Adam Stofsky
Okay, so normally I like to summarize these things, but I think this might be too much. Let me see if I can remember. We talked about data governance, data mapping, privacy notices, right. Communication, externally contracting. I'm going to... I'm totally out of order now. Contracting processes for individual rights requests and dealing with kind of rights of data subject rights, data security, and did I miss any?


05:07

Shannon Yavorsky
One more: training.


05:11

Adam Stofsky
Yes. How can I forget about training? It's like what we're doing right now. Okay, so there's our summary. Wow, that was super helpful, Shannon. Thank you. 

© 2024 Briefly