A Privacy Checklist for Global Enterprises

Nymity, a provider of international compliance resources, recently interviewed me about managing risk and compliance in a global enterprise that handles protected personal information about customers, employees, website visitors, and other individuals in multiple jurisdictions.  Based on experience with many multinationals, large and small, I came up with a discovery checklist that a company might find useful in identifying and prioritizing these data flows.  We also discussed several issues of common concern to global organizations:

  • enforcement and litigation trends
  • the moving target of "sensitive" data
  • the role of privacy commissions and other data protection authorities
  • the increasing interest of trade unions and works councils in employee privacy issues
  • the value of referring to information security standards
  • the practicalities of using cross-border compliance vehicles such as model contracts, Safe Harbor, and binding corporate rules. 

The full interview is available here.

 

Breach Notice, Breach of Contract, Cloud Computing, Data Privacy Law or Re..., Enforcement, EU, Information Security, International, Lawsuit, Legal DefensibilityW. Scott BlackmerBinding Corporate Rules, Canada, Cloud, data protection, EU Data Protection Directive, international, outsourcing, PCI DSS, privacy, privacy impact assessment, security measures