Privacy does not have to be complicated. But board members have a fiduciary duty for their organization’s data security and privacy compliance. Many organizations create significant financial and reputational risk for themselves through decisions on governance, cultural change and adoption of regulatory compliance requirements for consumer privacy. If the early steps of privacy compliance are done well and there is continuous focus on quality and automation, then risk and operational cost can be reduced — and the fiduciary responsibilities of the board of directors can be satisfied.
Many organizations, even well-known brands, covered by privacy laws are not compliant. Some covered organizations have renewed interest in becoming compliant as enforcement dates arrive, e.g.,January 1, 2020 for the California Consumer Privacy Act, March 21, 2020 for the NY SHIELD Act and some portions of the California Consumer Privacy Act ballot initiative on November 3, 2020.
Because it takes time to implement safeguards and operationalize privacy, it is better to plan and act prior to the enforcement dates. Many organizations and their boards face not only risk from regulatory agencies, some also face risk from personal rights of action of consumers for other privacy and data security laws, e.g, CCPA and the Illinois Biometric Information Privacy Act, BIPA. Board members may not realize the risk that they face. And they may not understand that there is a methodical way to become compliant, stay compliant and minimize their own risk.
Download the white paper on Data Security and Privacy for Board Members from our resource page:
Here are some other links that may be of interest:
#dataprivacy #boardmembers #directors #datasecurity #cybersecurity #ccpa #cpra #gdpr #bipa #nyshield