A Privacy Checklist for Global Enterprises
Nymity, a provider of international compliance resources, recently interviewed me about managing risk and compliance in a global enterprise that handles protected personal information about customers, employees, website visitors, and other individuals in multiple jurisdictions. Based on experience with many multinationals, large and small, I came up with a discovery checklist that a company might find useful in identifying and prioritizing these data flows. We also discussed several issues of common concern to global organizations:
- enforcement and litigation trends
- the moving target of "sensitive" data
- the role of privacy commissions and other data protection authorities
- the increasing interest of trade unions and works councils in employee privacy issues
- the value of referring to information security standards
- the practicalities of using cross-border compliance vehicles such as model contracts, Safe Harbor, and binding corporate rules.
The full interview is available here.