Privacy in a Ready Stance
We are only two months into the year, and there remains a clear message for all organizations:?get ready.??
Get ready?for new global privacy laws and evolving interpretations of those already on the books.??Brazil enacted a national law in 2019. China passed major privacy legislation in 2021.??And India is on deck to pass a law this year.??Many countries are considering new laws or revamping legislation that has not kept pace with the furious speed of data and tech innovation.??Indeed, Gartner predicts that?75% of the world’s population?will be subject to national privacy legislation by the end of 2023 (up from 10% at the start of 2020).??Meanwhile, regulator and court interpretations of laws on the books are increasing the complexities of data transfers, ad tech and much more.??For any business with a global footprint, the task of managing local variation in privacy law
Get ready?for the US privacy environment to heat up.???Let’s start with a bold prediction: we will not see US national privacy legislation this year.??But that doesn’t mean that privacy in the US is dormant.??Expect that a handful of states will introduce broad privacy legislation that builds from laws in California, Colorado and Virginia.??The state map?of privacy laws will certainly get more complicated.??Watch for a “private cause of action” (the ability for private plaintiffs to bring cases for damages under the law) – such a provision in a state law could be the catalyst for federal action.??And while we may not see a law from Washington, DC, the capital will be buzzing with FTC enforcement and possible rulemaking efforts.
Get ready?for a privacy talent shortage
Get ready?for C-suite and board attention.??Major companies are buying television time to promote national privacy legislation.??National politicians are stumping on pro-privacy platforms.??The G7?added privacy and data flows to a broad slate of priorities.??Clearly, privacy has become an economic, national and geopolitical issue.??Boards and CEOs have embraced the topic as well, placing early attention on risk management and compliance.??Ensuring your organization has good answers when the board asks about privacy compliance and risk management
领英推荐
But the top brass are also seeing the strategic value of privacy – the?human?value of privacy.??Getting privacy right means meeting the expectations that citizens have for our data.??And that doesn’t mean endless notices and preference pop-ups.??It means doing the hard work of building privacy programs deep in organizations and designing privacy consideration into new products and services from the start.??It means investing in the tools and technologies that serve as critical foundations to these programs (hot tip: you cannot manage data subject access requests on spreadsheets and email).??Investing in privacy program management
Get ready?for technological innovation to continue to challenge privacy
With the focus on the importance of data in today’s digital economy, now is the time to assess your organization’s readiness for an even more complex and challenging privacy landscape.??The trend lines of geopolitical, regulatory and technological trend lines all point in a similar direction.??Most organizations have the initial pieces in place to respond to today’s environment.??The smartest organizations are investing in this more complex future and embracing privacy’s strategic value by building teams deep in talent, investing in the tools and tech to do the job, and – most of all – getting ready for all that is to come.???
?
Privacy, Data Protection, Compliance | CIPP, CIPM, FIP
3 年Well put. "?And while we may not see a law from Washington, DC, the capital will be buzzing with FTC enforcement and possible rulemaking efforts." Working. Law.
Delivering what matters - Trusted by some of the largest UK providers in the logistics sector enabling them to streamline processes, manage risk and power productivity.
3 年A great article. Privacy should not be a compliance exercise aimed at satisfying regulators and avoiding fines;?it’s an ethical commitment to earning and retaining the trust of people. Customers are more likely to choose, buy from, recommend and stay loyal to businesses they trust. Employees too will be more willing to join an employer they trust with both their data and with customer data; they’ll stay longer and work harder. Good privacy lies in winning and keeping that trust. The eight principles of the GDPR are merely signposts to some of the behaviours that achieve that goal; treating privacy regulation as an exercise in compliance box-ticking, while it might mechanically produce some of the outcomes intended by the legislation, will not bring with it the deeper bond that inspires confidence.
Experienced Human Resources, Privacy and Policy Professional
3 年A very well written synopsis! Organizations need to view privacy as a value - a part of every decision that they make (like safety) - rather than simply a priority. Priorities can change. Values are the basis of decisions and strategy.
Vice President & Global Chief Privacy Officer | Strategic Advisor | Consultant
3 年Well said, Trevor. The companies that recognize privacy as a central core strategy will succeed across the board, regardless of the sector they operate it in. The ones that treat it as a check box function will struggle. The marketplace continues to show a direct correlation.