Privacy is more of a priority than ever. With new, heavy-hitting regulations being introduced nationally and globally (such as GDPR and CCPA), as well as news about high-profile data breaches and mishandling of private information by companies, it’s not hard to see why.
The key to a successful privacy program is to manage your information throughout its lifecycle with strong governance rooted in policy. Without a strong information lifecycle management (ILM) program, it’s just not possible to ensure compliance and effectively protect valuable, sensitive information. The absence of a strong ILM program will also open your organization up to an exponentially increased exposure to risk.
Knowing what information you have, assessing any risks, and managing information throughout its lifecycle according to policy will help your organization maintain compliance and avoid exposure to risk. To achieve this you need to:
develop strategies and tools to manage data inventories and data maps
create a framework to assess risks and prioritize data remediation activities
find solutions for managing records such as retention schedules
Manage privacy and retention together
Managing privacy, ILM and retention together is crucial to maintaining compliance and protecting valuable information.
This integrated approach allows organizations to:
have a unified view of personal data and related obligations
dispose of private information as soon as possible
reduce unnecessary exposure to data breaches
An important part of this is ensuring that sensitive data, especially personally identifiable information (PII), is being securely disposed of when it is no longer needed. The failure to do so opens an organization up to not only the risk of a data breach, but also the risk of being found non-compliant with applicable regulations and facing the possibly reputation-ruining consequences.
To learn more, don’t miss our session at the IAPP Global Privacy Summit in Washington D.C. In this session, I will be speaking with Shannon Dahn, the FDIC’s Privacy Section Chief in the Office of the Chief Information Security Officer, and Carole LaRochelle, the PGA Tour’s Administrator of Information Governance and Records, about how to manage retention and personal data risks so that your company can move ahead. Confidently.