Organizing Data Privacy Within A Company

BCLP

Although organizations have dealt with privacy issues for years, only in the past decade have they begun to view the complexities of privacy as requiring formal organizational structure, dedicated employees, and/or dedicated resources. While in some organizations “privacy” falls within the ambit of the legal department, other organizations have created offices that are focused solely on privacy issues and that report to a Chief Privacy Officer (“CPO”). There is little commonality in how these offices are staffed, funded, or organized. For example, while some CPOs report directly to senior management, others report through a General Counsel or a Chief Compliance Officer.

85%

Percentage of CPOs that spend at least 50% of their time on privacy-specific activities.[1]

9

The average number of years of experience CPOs have in privacy-related roles.[2]

63%

Percentage of Privacy Offices that are housed within the Legal Department.[3]

41%

Percentage of CPOs that report directly to the General Counsel.[4]

3.3 – 25

The range of full-time employees retained by Fortune 1000 companies to deal specifically with privacy-related issues.[5]

If you are creating a privacy office, or reviewing the scope of an existing office, consider the degree to which the office should be responsible for the following functions:

  1. Drafting, reviewing, or revising privacy-related policies and privacy-related procedures (e.g., BYOD policy, website privacy policies, employee privacy codes of conduct).
  2. Following privacy-related legal developments and trends.
  3. Training employees (e.g., providing core privacy training to the majority of employees, as well as specialized privacy training for employees that have contact with personal information).
  4. Responding to privacy-related complaints or questions.
  5. Assisting the organization in negotiating contracts in which the organization is providing privacy-related representations, warranties, guarantees, or indemnification (e.g., client-facing agreements).
  6. Participating in the organization’s incident response team.
  7. Assisting the organization when negotiating privacy provisions in contracts in which the organization is providing data to third parties (e.g., reviewing privacy practices of vendors and negotiating appropriate contractual guarantees).
  8. Conducting a data inventory or a data map.
  9. Monitoring or auditing the organization’s privacy-related practices.
  10. Reporting to senior management any significant privacy-related risks or concerns.
  11. Managing the cross-border transfer of information between jurisdictions with different privacy standards.
  12. Working with developers, designers, or marketers to design privacy protections into new products, services, or promotions.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BCLP | Attorney Advertising
