An effective privacy program takes into account legal requirements and litigation risk. While this series advocates for starting with strategy and designing a customized approach, this does not mean that legal obligations and risks should be ignored. Instead, by starting with strategy and focusing on customization, many legal risks can be better managed. If the legal requirement in a given law is that a data security policy addresses the risks a company faces, for example, a company is better off with a customized policy. For this reason, addressing the law can be thought of as the middle of the project, rather than the start. (See more in a recent article we published.)
Continue Reading Elements of Right-Sized Privacy Program: Addresses the Law