A Privacy Checklist for Global Enterprises

Nymity, a provider of international compliance resources, recently interviewed me about managing risk and compliance in a global enterprise that handles protected personal information about customers, employees, website visitors, and other individuals in multiple jurisdictions.  Based on experience with many multinationals, large and small, I came up with a discovery checklist that a company might find useful in identifying and prioritizing these data flows.  We also discussed several issues of common concern to global organizations:

  • enforcement and litigation trends
  • the moving target of "sensitive" data
  • the role of privacy commissions and other data protection authorities
  • the increasing interest of trade unions and works councils in employee privacy issues
  • the value of referring to information security standards
  • the practicalities of using cross-border compliance vehicles such as model contracts, Safe Harbor, and binding corporate rules

The full interview is available here.