Create an Airtight Privacy Program: Manage Privacy and Retention Together

Kelly Matoney

Privacy is more of a priority than ever. With new, heavy-hitting regulations being introduced nationally and globally (such as GDPR and CCPA), as well as news about high-profile data breaches and mishandling of private information by companies, it’s not hard to see why.

The key to a successful privacy program is to manage your information throughout its lifecycle with strong governance rooted in policy. Without a strong information lifecycle management (ILM) program, it’s just not possible to ensure compliance and effectively protect valuable, sensitive information. The absence of a strong ILM program will also expose your organization to exponentially increased risk.

Knowing what information you have, assessing any risks, and managing information throughout its lifecycle according to policy will help your organization maintain compliance and avoid exposure to risk. To achieve this you need to:

  • develop strategies and tools to manage data inventories and data maps

  • create a framework to assess risks and prioritize data remediation activities

  • find solutions for managing records such as retention schedules

Manage privacy and retention together

Increasing privacy concerns and regulations, like the GDPR, are elevating the need for privacy and retention to be managed together. However, most organizations don’t do this. Instead, the usual practice is to have the Records & Information Management department govern policy for how long to keep records and then, separately, have a privacy team manage the privacy policy for records.

Managing privacy, ILM and retention together is crucial to maintaining compliance and protecting valuable information.

This integrated approach allows organizations to:

  • have a unified view of personal data and related obligations

  • dispose of private information as soon as possible

  • reduce unnecessary exposure to data breaches

An important part of this is ensuring that sensitive data, especially personally identifiable information (PII), is being securely disposed of when it is no longer needed. The failure to do so opens an organization up to not only the risk of a data breach, but also the risk of being found non-compliant with applicable regulations and facing the possibly reputation-ruining consequences.

To learn more, watch our webinar Build Your Foundation: Strategies and Tools for Managing Retention and Personal Data Risks. In this webinar, I speak with Shannon Dahn, the FDIC’s Privacy Section Chief in the Office of the Chief Information Security Officer, and Carole LaRochelle, the PGA Tour’s Administrator of Information Governance and Records, about how to manage retention and personal data risks so that your company can move ahead. Confidently.

 
