Global jurisdictions are increasingly aware that data privacy means more than just data security, leading to data privacy laws like the GDPR and CCPA. As data subjects become similarly aware of their new rights, compliance has never been more important.
Compliance now requires a comprehensive privacy framework, including, at a minimum:
Website Terms of Service
Vendor vetting procedures
Data Protection Agreements with Vendors and Service Providers
Certifications for certain data-processing activities (e.g. processing credit cards)
Established procedures for handling data rights requests
Mapping where and how data is collected, processed, transmitted, and stored
Cyber insurance policies with sufficient coverage
Ongoing training for employees
Confidentiality agreements for all processors handling the data
Regular internal and external penetration tests
Most importantly, organizations must do what their privacy policies and contracts say they are going to do!
Failure to comply with privacy laws or adopt these minimum standards has profound consequences. Damage to an organization's brand from a data breach or privacy violation can be just as bad as the multi-million-dollar fines for non-compliance.
With global lawmakers and millions of data subjects turning their attention to data privacy, it is no longer possible for organizations to get by with a relaxed attitude.
Most literally cannot afford the consequences.
Are your organization's data privacy standards up to date? Contact Out-House Attorneys to speak with an experienced data privacy attorney today.