The GRC Red Flag Series: Navigating Privacy Regulations in 2021 & Building a Privacy Program

The GRC Red Flags Series with Michael Rasmussen

The GRC Red Flag series will identify and debate the current & future critical risks and regulatory changes that can impact businesses.

Privacy has become a field of landmines that organizations have to navigate carefully. From the EU GDPR, California’s CCPA, South Africa’s POPIA, Canada’s PIPEDA, Australia’s Privacy Act, … the list goes on and on and on. With the potential for a Federal U.S. privacy law, it is about to become even more complex.

However, privacy is much more than complying with laws and regulations. In one large insurance company, the Chief Privacy Officer pointed to the plaque on her wall with the company mission statement about doing the right thing for the customer. She said that is what privacy is about here. They go beyond regulation to ensure their clients’ data is used properly, with consent, and protected.

In today’s new era of ESG - Environmental, Social, Governance - we are seeing even more focus put on the principles of privacy under the S in ESG, the social aspect. Privacy of personal information is a social right and needs to be protected as part of the integrity and values of an organization.

Privacy is much more than data protection/security. Privacy is about the integrity and accuracy of data, the right of individuals to control and have access to their personal data, its appropriate and approved use, and data protection. This gets quite complicated in today’s extended enterprise, where privacy risk and compliance have to be managed across the third-party relationships that are part of the organization’s processes.

In this GRC Red Flag Series we will explore privacy in the context of:

  • Regulations, what organizations should expect from current and pending privacy regulations
  • ESG, the role of privacy in an organization’s ESG program
  • Extended Enterprise, how to manage privacy across distributed third-party relationships
  • Best Practices, what is needed to manage privacy to be efficient, effective, and agile