January 28th is Data Privacy Day, an annual international event that aims to spread awareness about the importance of data privacy and security. As one of the few law firms in the United States focused solely on data privacy and security, our experience team of data privacy professionals and attorneys work daily with clients across the globe to help safeguard their organizational, employee, and client data – from drafting privacy policies to conducting regulatory assessments, performing data mapping, and administering privacy trainings.
In recognition of Data Privacy Day, we are sharing five of our top data privacy tips for organizations to better safeguard their data and create a cultural shift towards prioritizing privacy.
1. Conduct Regulatory Assessments
The data security and privacy regulatory landscape is constantly changing. Octillo recommends going back to the basics and starting with the threshold question of what laws and regulations apply to your business. Addressing this fundamental question with a comprehensive regulatory assessment of your business operations and data collection practices will pave the way for developing a sustainable roadmap of compliance as your business grows and changes. Conducting periodic regulatory assessments also help to identify gaps in your policies and procedures that may need to be addressed as your business works toward compliance.
2. Purge Old Data
Make implementing or enforcing a Record Retention Policy a joyful experience that Marie Kondo would approve of. Do those emails from 2011 bring you joy? Who cares. Unless you are obligated to keep it, enforce a record retention policy and drastically reduce the surface area of sensitive data and personally identifiable information, thereby mitigating your company’s exposure.
3. Don’t Wait Until an Incident to Think About Privacy
Organizations that experience a security incident – whether a business email compromise, inadvertent disclosure, or other unauthorized access – will respond more effectively if they understand what data they hold, where it was stored, and what safeguards are in place. Act on privacy now to reduce your risk later.
4. Don’t Forget About Marketing Communications
In light of recent privacy laws, including the California Privacy Rights Act, it is more crucial now than ever to engage your internal marketing and communications teams in conversations about your organization’s use of personal information on your website and as part of your email and text message marketing campaigns, which includes a discussion around the role cookies and analytics plays in your business. Use of certain technologies to improve or track campaign performance may trigger additional requirements.
5. Keep Training Fresh and Current
With so many legal and regulatory changes in data privacy, don’t wait until your annual privacy and security training to reinforce the importance of data security and privacy hygiene with your workforce. Find new and creative ways to engage your teams on changes to the law, the importance of understanding data transfers and limitations on the selling and sharing of personal information. You can utilize job-specific training, newsletters, remote team building activities, and all-employee town halls to update your workforce’s knowledge on these topics.
Data Privacy Day presents an excellent opportunity to think about your organization’s data flows and how you can better safeguard sensitive information. Addressing privacy goes well beyond this annual event – it is an ongoing endeavor that requires organizations to constantly evolve to keep up with a growing patchwork of regulations and requirements.
Octillo encourages you to keep privacy top of mind as you work towards your organization’s goals and stands ready to assist. If you haven’t had a chance to connect with our team of seasoned data privacy attorneys about our offerings and our unique approach, we would welcome the opportunity to share more. Our team is passionate about helping clients strengthen their privacy protocols and prioritize information security. We work with organizations to build and implement enterprise-wide data privacy and security programs that are future-focused, business-oriented, and work towards compliance with an expanding list of privacy regulations. To learn more about how we may help kick-start your privacy goals, reach out to a member of our team.
*Attorney Advertising: Prior results do not guarantee future outcomes.