It seems like every company has major data and privacy vulnerabilities. Is a statement like that just scaremongering, or is it on target?
Smith: While some chief privacy officers may take issue with the qualifier “major,” I think all would agree that vulnerabilities abound. For confirmation, you needn’t look farther than the latest data breach headline.
Mountenay: I agree. And even for companies that have invested in a privacy and data security program, some may view it erroneously as nothing more than a box to be checked, thinking, “ We’ve done that. We’re compliant, so we won’t be in the next headline.”
Allen: Yes, that’s dangerous thinking. Compliance is dynamic. It’s not a one-and-done sort of thing. As laws continue to evolve and cyberthreats continue to shift, a company’s privacy compliance efforts need constant reassessment and recalibration.
Do you think that companies are doing enough to look internally at their own employees’ data and privacy concerns?
Goldstein: I think that’s the elephant in the room. Oftentimes companies are focusing solely on customer data and customer relations, forgetting about the privacy and security implications of their own workers’ data. Given the sensitive information collected from and about employees, companies need to ensure the adoption of policies and procedures that comply not only with employment laws, but data security laws as well.
How are companies getting ahead of the data security obstacles in their strategic growth discussions?
Smith: Smart companies are taking a holistic approach to privacy compliance, no longer looking at it as just a legal issue or an IT issue. They are building teams with members from diverse business units to identify vulnerabilities and mitigate risks across the entire organization.
Mountenay: And to a certain extent, they’re looking to develop and streamline strategies that satisfy—or strive to satisfy—the varying requirements of different laws and jurisdictional requirements. Not an easy task, for sure, but documentation of those strategies is key.