Friday, February 26, 2021
Corporate Compliance Insights

Putting Data Security Risks in Perspective

The Proper Role of a Chief Privacy Officer

by Michael Volkov
August 26, 2019
in Data Privacy, Featured

Michael Volkov explores what may be an unpopular opinion among some in the compliance community: In terms of risk management priorities, data security may be getting far too much attention.

This is likely to be a politically incorrect posting. I hope I do not offend too many people, especially those new data privacy professionals.

As kids, we were always excited when an ice cream truck visited our neighborhood offering a new ice cream flavor. For a brief period of time, the new flavor was the popular rage.

In the corporate legal and compliance world, we are witnessing an analogous phenomenon: the arrival and influence of the new data privacy officer.

I am not dismissing the importance of data privacy compliance, but I am suggesting that we all need to take a deep breath and put data privacy risks in context; while they may be the newest “flavor of the day,” they are not the exclusive or numero uno risk that has to be addressed to the exclusion of all other risks.

Yes, data privacy is new. No, that does not mean that every little data risk has to be mitigated to the point of elimination.

Some of this is just a learning curve and making room for a new and significant issue to be addressed. Let’s be candid: Data privacy government enforcement is not the most significant risk right now, although the legal risk from collateral litigation and potential reputational harm is significant.

Chief compliance officers have several significant risks that they face every day. Data privacy officers also face significant risks, but they do not face the scope and severity of multiple risks.

How does this issue come up? When a CCO is seeking to address a specific issue, a data privacy concern may be identified. A CCO then has to consult with the data privacy officer to determine the nature of the risk and to develop a solution to the potential problem.

Some data privacy officers take this as a moment to educate everyone in the room on data privacy, reiterate (over and over) how important data privacy risks are to the organization and then analyze the issue by insisting on eliminating all risks. CCOs are often forced to back down and permit the data privacy officer to declare the solution without any compromise or meaningful consultation. Such a dynamic is harmful to the overall compliance function and corporate management.

Honestly, this dynamic may change over time. As compliance officers learn more themselves about data privacy risks and companies gain more experience in this area, companies will naturally start to balance off risks and make educated decisions respecting risk trade-offs and overall risk management.

Because data privacy is the new compliance “kid” on the block, corporate actors are reluctant to counter data privacy concerns with competing business needs, risk tolerance determinations and realistic risk appraisals. Until that happens, the stature and influence of data privacy officers may be annoying to compliance and legal officers since they have observed other risks (flavors) of the month rise and fall with experience. Eventually, data privacy risks will blend with the overall compliance risk framework, earn a ranking based on experience and analysis and settle into their “rightful” (realistic) place in the risk management world.

Legal and compliance officers may become a little frustrated and even jealous of the data privacy officer’s role and influence. For now, they have to sit back and observe the data privacy officer’s disproportionate influence over senior management and the board until the issues start to settle. There is no reason to react negatively or seek to undermine the data privacy officer. On the contrary, this is a time to learn about data privacy legal and compliance developments, monitor enforcement actions and identify industry trends and best practices. After all, legal and compliance have a lot to add to management of this important risk.

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.


Tags: Data Privacy, information security

Michael Volkov

Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services. He can be reached at mvolkov@volkovlaw.com. Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues. Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for five years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice. Michael also maintains a well-known blog: Corruption Crime & Compliance, which is frequently cited by anti-corruption professionals and professionals in the compliance industry.

© 2019 Corporate Compliance Insights
