
Keeping Up with Ever-Changing Privacy Regulations

Establishing a Strong Foundation to Ensure Compliance

by Itzhak Assaraf
September 29, 2020
in Data Privacy, Featured
Trying to keep up with ever-changing privacy regulations may feel like running on a treadmill; sure, you’re moving — but you aren’t getting anywhere. 1touch.io’s Itzhak Assaraf discusses a solid strategy for dealing with this constant change.

Data and Privacy Regulations: The Ultimate Moving Targets

Keeping on top of something that never stops shifting is challenging.

Consider for a moment the information security world: Preventing threats from making their way past a changing perimeter is definitely no small task. But in that scenario, while the perimeter itself may change, thus requiring new methods, the nature of the data beyond that border is typically of little importance — as long as it’s secured.

Not so with privacy regulations and the data they concern; when it comes to privacy, we’ve got a dual challenge going on.

The first part concerns keeping up with the dynamic and always-changing PI (personal information) and PII (personally identifiable information) we hold regarding data subjects: Each time a customer makes a purchase or updates or redacts their information in your system, the data you hold on them changes accordingly.

Then there is the second, constantly-in-flux element: Keeping up-to-date with an ever-evolving and growing privacy regulation ecosystem. Ever since the EU’s GDPR (General Data Protection Regulation) came along in 2018, new laws have been cropping up, each with their own requirements and definitions. For example, while GDPR grants data subjects eight rights, the California Consumer Privacy Act (CCPA) grants five. And while Brazil’s Lei Geral de Proteção de Dados (LGPD) has 10 different categories of data that can be collected, GDPR only allows for six.

And then regulations like the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), Canada’s Protection of Personal Information and Electronic Documents Act (PIPEDA) and the Health Insurance Portability and Accountability Act (HIPAA) all have their own requirements and define personal data in their own ways. Furthermore, state-issued regulations will soon be enacted in New York, Maryland, Massachusetts, Hawaii and North Dakota. Each of these burgeoning laws has its own stringencies and nuances regarding the types of PI and PII considered to be under their jurisdiction.

And, somehow, your business must be able to keep up with all these moving parts to ensure you do right by the customers who have entrusted you with their data. Moreover, you need to be able to respond to data subject requests within a specified number of days, according to each regulation. When a deluge of requests comes in, ensuring you respond in an optimal and complete way can be daunting. So how in the world are organizations supposed to keep up with changing regulations and dynamic data?

Laying the Foundation

The first thing to know is that it is possible to stay ahead of the game despite the constant state of flux in data regulations.

To illustrate, let’s imagine you’ve got a sprawling apartment building with a solid foundation. Builders may add on floors, knock some down, remodel things and even put in a pool here and there – but no matter how the walls, furniture, fixtures and tenants may change over time, the foundation remains solid. Immutable.

The essence of any and all privacy laws is always the same: to grant data subjects rights and to enable them to take charge of their data. The definition of those rights changes from regulation to regulation (e.g., GDPR does not grant the same rights as CCPA or LGPD), and regulations and what they require from us are subject to change as well. And as we all know, the data we hold changes all the time.

Adhering to all these moving parts would be very hard, if not impossible, without a solid foundation based on an entirely transparent understanding of the data you hold.

Once you’ve established your foundation, adhering to regulations becomes simply a matter of understanding what data correlates to which regulation. This means that even if an addendum is made to a regulation or you enter a new market (e.g., you begin to serve Singapore and need to adhere to the Personal Data Protection Act (PDPA)), you are still good to go, because you already have the basics required by any privacy regulation. From that point on, it’s all nuanced procedures and management that you can adopt and retrofit to any regulation.

Putting it Into Practice

To make this a reality, you need the right tools and policies. Let’s explore how organizations can ensure they have the rock-solid foundation needed to easily manage and sustainably comply with any privacy regulation, no matter how they may change:

Get Legal Guidance – Initially, it’s wise to consult with in-house or external legal counsel (which likely depends on the size and nature of your business) to understand which privacy laws you need to be adhering to – and how that reality might change if there are changes within your organization. Not every law will apply to every company, so first determine which are the ones you need to be addressing.

Make Privacy the Company Default – Organizations that choose to embrace privacy as their new default will have an easier time implementing any new initiatives and navigating older ones as they change. Make sure that the concern for privacy extends beyond the legal, privacy and security teams by including other teams in discussions regarding policies and finding out what they need to make privacy a reality. Create policies that anyone in your organization can easily understand, and work to rebrand customer data as something to be protected and upheld, instead of an asset to be mined, analyzed and sold to the highest bidder.

Invest in Data Management/Governance, Regulation and Compliance Tools – Start by selecting a tool that enables you to create and manage compliance policies. Look for a legal-oriented tool that has an excellent track record of always staying up-to-date with the latest changes, nuances and regulations – and that covers as many regulations as possible. These are usually subscription-based tools, making it simple to switch providers if the one you’ve chosen does not meet your needs.

Don’t Forget About Data Discovery and Mapping Tools – Here is how you can effectively establish that solid foundation: A robust data discovery and mapping tool will continuously reveal all the data you hold, enabling you to correlate that data to identities and become sustainably compliant with any regulation. By locating all PII and PI, whether in motion or at rest, structured or unstructured, known or unknown, you create the definitive basis upon which any privacy law can be obeyed. The ability to automatically discover the PI and PII you hold, no matter where it is stored on your network, is what makes the foundation solid. As long as you have a dependable data discovery process, you can fulfill requirements and remain sustainably compliant no matter how laws and data may evolve.

Conclusion

Privacy laws – and the data organizations hold – change at a breakneck pace, but that shouldn’t be a source of dread for businesses. With the right approach to constant change in place, it all becomes a matter of establishing a strong foundation and then plugging the remaining variables into place.

Itzhak Assaraf

Itzhak Assaraf is CTO and Co-Founder of 1touch.io, a global leader in personal data and networks analytics. He has more than 20 years of experience in all aspects of technology, software, network, security and hardware. Itzhak has held senior management positions with companies including Leumicard, Sapiens, Praxel, Inc. and Wirebilling. He holds a software engineering degree in computer science from Sela University.