The least painful and easiest lessons are the ones that we can learn from others’ mistakes. As privacy professionals, it’s important that we take time to peruse the headlines and read articles that talk about others’ mistakes. Here are four things to keep in mind while you scan the news in order to bolster your own privacy program.
Look for headlines where fines and penalties, large breaches or other privacy- or security-related issues are discussed. Regulators take a hard line on mistakes that have been in the press and are then repeated by others. They often tell a detailed story about the organization and the issue depicted in the article.
As you read the article, make a list of specifics. A simple bulleted list enables you to check the facts of the instance and compare them to your own current practices. Look at your own organization and determine if this could also be a risk for you. If there is potential risk for your organization, take a deeper dive into the potential issue to determine if you need to put in place a corrective action plan.
Document your findings and the corrective action plan so that you have something that shows that you have identified the issue and that you are taking the steps necessary to resolve the issue.
Sign up for industry-specific newsletters, list-serves, professional groups and work groups. These are all great sources of information related to your industry. Document each headline, date of publication, source, issue, relevant fact, date of your analysis and outcome of your analysis. You may be asked by leadership, regulators or customers if you could potentially have the same issue. Having this documentation ensures that you are prepared and will make it easy to respond to inquiries.
Deidre Rodriguez, CIPP/US, has actively been working in privacy compliance for 10 years, including policy development, incident response, advisory support and strategic planning. Currently, Deidre is the director of the Corporate Privacy Office and Regulatory Oversight for WellPoint, Inc.