Later this week, January 28, 2021 will mark International Privacy Day: a day corporations release educational efforts around privacy and data protection. There are many reasons to approach privacy proactively in 2021: (1) January 28 will mark the second week of a new US administration, one which will likely focus more on privacy and data security; and (2) laws and enforcement in this area continue to change and develop, as we reported last year. With this in mind, privacy and data security practitioners may find themselves behind with reactive approaches. Reactivity is also costly, both monetarily and resource-use wise.
To be proactive, companies can take an adaptive approach to customized privacy compliance to their organization. One that, instead of needing constant modification as laws or practices change, can grow and adapt as those inevitabilities occur. An adaptive privacy program, most critically, is both aligned with and supportive of the organization’s underlying mission, vision and goals. Such a program is bespoke to the organization, and avoids extraneous elements or those that do not account for the company’s ultimate activities and needs. The program also takes into account both regulatory and litigation risk, and is flexible enough to adapt as those change. Finally, it is a program that the organization can get behind and support. From line managers to senior leadership, it is a program that is digestible and around which people can easily be trained.
Putting it Into Practice: In recognition of Privacy Day 2021, this week’s blog series walks through core elements for developing a right-sized privacy program, one that will ideally provide better legal protections than taking an off-the-shelf, create-it-as-you-fly-the-plane approach.