Monday, April 8, 2013

Mad about Data Privacy, Compliance and Risk Management

The long-awaited return of Mad Men last night has inspired a good amount of creative reflection and activity -- and not just by your loyal risk editor, who once hosted a Mad Men-themed Halloween party. Though rumaki, sampled that evening by the brave, has not stuck around as a modern culinary staple, Morgan Lewis partner Ryan McConnell and associate Charlotte Simon have offered a relevant and timely reference, more suitable for this blog. Via Law Technology News: "Don Draper of 'Mad Men', Data Privacy Compliance Role Model" --
  • "As companies design privacy compliance programs to protect against data breaches and the unintended use of personal data, each year countries revise privacy legal requirements and increase enforcement."
  • "Don Draper says, 'Change is neither good nor bad, it simply is.' Draper's advice is spot-on for data privacy compliance, because data privacy compliance programs have the same key components as all programs designed to effectively address compliance risks on a variety of topics, such as trade controls or anticorruption. The evolving focus of data privacy isn't inherently positive or negative, but the targets do and will keep changing."
  • "While there is no 'one size fits all' privacy program, an effective privacy compliance program has the buy-in of business leaders and key individuals in the organization — such as HR and IT professionals — and appropriate division of responsibility for the success of the program. A privacy compliance program is built on a framework that ensures employee and other sensitive data is only used and transferred for legitimate business purposes and retained for appropriate periods of time. Such a program also includes comprehensive data management procedures and sets forth written policy and IT security measures to limit access and use of protected information."
  • "Finally, Draper always does the hard work when it comes to protecting secrets. Your company's privacy program should have mechanisms for auditing data collection, use, and transfers, and clear protocols for responding to data breaches or unintended uses... Just like government-mandated airbags and cigarette warning labels eventually became the standard for addressing the kinds of risks faced by our heroes in Mad Men, privacy regulations are here to stay."
As regulations like the recent HIPAA rule changes raise the requirements and stakes for law firms, organizations are taking additional steps to limit their exposure. (Of course, long-time readers will recognize these cyclical, repeating patterns -- and agree that carousel-like nostalgia for simpler times does little to obviate the need to respond to evolving challenges.)

And for those who've had enough pop culture references, see also, from LTN: "Four Threats to Confidential Data on Mobile Devices."
