Navigating Privacy Regulations in 2021 and Building a Privacy Program
Privacy has become a field of landmines that organizations have to navigate carefully. From the EU GDPR, California’s CCPA, South Africa’s POPIA, Canada’s PIPEDA, Australia’s Privacy Act, . . . the list goes on and on and on. With the potential for a Federal U.S. privacy law, it is about to become even more complex.
However, privacy is much more than complying with laws and regulations. Some organizations go beyond regulation to ensure their clients’ data is used properly, with consent, and protected. In one large insurance company, the Chief Privacy Officer pointed to the plaque on her wall with the company mission statement about doing the right thing for the customer. She said that is what privacy is about here.
In today’s new era of ESG – Environmental, Social, Governance – we are seeing even more focus on the principles of privacy under the S in ESG, the social aspect. Privacy of personal information is a social right and needs to be protected as part of the integrity and values of an organization.
Privacy is much more than data protection/security. Privacy is about the integrity and accuracy of data, the right of individuals to control and have access to their personal data, appropriate and approved use, and data protection. This gets quite complicated in today’s environment of the extended enterprise in managing privacy risk and compliance across third-party relationships that are part of the organization’s processes.
In this GRC Red Flag Series, we will explore privacy in the context of:
Regulations, what organizations should expect from current and pending privacy regulations
ESG, the role of privacy in an organization’s ESG program
Extended Enterprise, how to manage privacy across distributed third-party relationships
Best Practices, what is needed to manage privacy to be efficient, effective, and agile
Our host Michael Rasmussen
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 27+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” – being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
OneTrust technology powers privacy, security and trust programs. More than 5,000 customers use OneTrust to build integrated programs that comply with the CCPA, GDPR, LGPD, PDPA, ISO27001 and hundreds of the world’s privacy and security laws.
The OneTrust platform is powered by the OneTrust Athena™ AI and robotic automation engine, and our offerings include:
OneTrust Privacy Management Software
OneTrust PreferenceChoice™ Consent and Preference Management Software
OneTrust Vendorpedia™ Third-Party Risk Management Software and Cyber Risk Exchange
OneTrust GRC Integrated Risk Management Software
OneTrust Ethics Compliance and Ethics Software
OneTrust DataGuidance™ Regulatory Research Software
OneTrust DataDiscovery™ AI-Powered Discovery and Classification