Feb 22 2021

Chief Legal Officers face mounting compliance, privacy and cybersecurity obligations

Category: Security Compliance | DISC @ 11:39 pm
How are companies’ legal departments changing to meet the needs of their organization and the needs arising from worldwide changes?

Organizations face much more regulatory compliance and privacy scrutiny than ever before, and everyone is under a constant threat of cyber breach or attack. Legal plays a critical role in ensuring that all compliance obligations are met, and overall risk to the organization is mitigated.

I firmly believe a new strategy is required to deal with these new converging market forces, one that is rooted in data management. What we’ve observed over the past couple of years is how you treat data is key to addressing so many of the concerns facing your organization. How an organization collects, stores, uses and secures its data ultimately determines the extent to which that data poses risks, incurs costs and provides value. All of these greater trends have combined to create new business challenges that no longer can be addressed by a single organizational department.

Let me give you an example:

Let’s say your company receives a California Consumer Privacy Act data access request.

First, you must securely validate the requestor’s identity. Then, you must route the request appropriately and act on it promptly. The person or group responsible for the data must locate it, collect it, review it, possibly redact information and then securely deliver this information to the requestor.

You can see how this request quickly crosses conventional divisions and responsibilities: it’s not just the responsibility of someone in your Privacy department; she will need to work with someone with expertise in e-discovery. And, if that user submits a request for data deletion, things get even more complex, because before deleting anything, you must first confirm that the information can legally be deleted (as it can be subject to retention requirements imposed by regulatory compliance obligations or a legal hold).

In this demanding environment, traditional approaches to enterprise data inventory and management are inadequate.

To help put this process into perspective, we like to ask six simple questions:

1. Do you know where your data is?
2. Do you know who owns your data?
3. Do you know what regulations govern your data?
4. Do you know what third parties have access to your data?
5. Can you forensically prove data integrity throughout all the processes that use your data?
6. Can you easily and quickly respond to requests for your data?
