Three ways to sell a privacy program to an exec who’s not listening
GDPR, HIPAA, FERPA, CCPA, CPRA, PIPL…
This is not a cat-running-over-the-keyboard situation, or someone playing Wordle after too many margs. The above spoonful of alphabet is just a tiny list of privacy regulations that an organization must track if it is handling customer data.
One way to follow the evolving laws is to implement a privacy program, a company initiative that sets objectives to protect client information and meet compliance standards.
A January ISACA survey of 1,890 IT pros, however, revealed an obstacle: 39% of respondents said a lack of executive support impeded the formation of a privacy program.
While privacy programs have a number of objectives—to find personally identifiable data, deploy access controls, and set up an audit schedule, to name a few—the benchmarks are meaningless without one key step: Get executive buy-in. Making the privacy case may involve a creative presentation of the costly consequences of non-compliance.
“If you can’t convince your CEO that privacy is important for your organization, it’s never going to get off the ground,” said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance.
More soup. The General Data Protection Regulation (GDPR), passed by the European Union, imposes guidelines on data-collecting EU organizations, including a clear statement of purpose and limitation of storage. US laws like the California Privacy Rights Act, along with other state-specific initiatives, offer a web of standards that organizations must understand as they pull customer info from around the world.