How Legal Ops Can Navigate the Evolving Minefield of Data Privacy
September 11, 2023
With no federal guidelines for data privacy in place yet, Legal Ops professionals and security officers may find themselves navigating a minefield of state data privacy legislation and regulations, according to a SecurityMagazine.com blog post. As new laws and regulations are enacted, here are five investments your organization can make to adapt and reduce risk.
- Assess your organization’s business model and data practices. Because state data privacy regulations are typically based on the type of data collected and the state of residence, knowing what data the business collects and where the persons whose data is collected reside will determine which laws and regulations should be followed.
- Make sure you have an information security program in place documenting your organization’s privacy and security statements and policies. Because programs and products evolve over time, establishing systematic reviews will be critical.
- Restrict how your third-party vendors use the personal data and confidential information they share or receive. As federal and state laws increasingly require companies to oversee their third-party vendors and suppliers, you will need to build data protection into your service contracts.
- With the rise of remote work, employees themselves are often the largest risk for data vulnerabilities. Develop policies that reduce employee vulnerability to cyberattacks and train your employees on those policies.
- In response to the proliferation of cyber threats, certain states, insurance companies, and customers now require businesses to have an information security plan and/or incident response plan. Organizations with these plans almost always emerge from a cyberattack stronger than those without one.