TIPS FOR MANAGING AND MITIGATING DATA PRIVACY RISK

The news is filled with stories about companies that have suffered data breaches, fallen victim to ransomware attacks, lost critical data, or had IT infrastructure encrypted and made inaccessible. This is just the tip of the iceberg for data privacy risks. Companies are also navigating an ever-changing patchwork of new privacy laws. These changes include both modifications to existing laws, as well as brand new ones. It is an understatement to say that the risks companies are facing, whether they are cyber attacks or new laws, are unpredictable and, despite many companies’ best preparations, maybe unexpected.

The obligations placed on companies under privacy and security laws are complicated and include both technological and procedural adaptions to comply. Similarly, warding off potential cyber attacks includes both technological and procedural preparedness. Creating an effective compliance programme in the face of these hurdles is not easy. Appropriate solutions are technologically complex and require organisational and procedural changes.

Corporate leaders, most of whom lack a computer science background, are being expected to navigate their organisations through these murky waters. And not only navigate them through but get them prepared for potential unknown and unknowable risks. Preparation includes motivating and changing the behaviours of others in the organisation who may lack a technical background, and who may resist the organisational and procedural changes to their behaviours that true compliance might necessitate. How can leaders prepare for these risks – risks that are not only complex, but potentially unknown and unforeseeable? There are three techniques that every leader could add to their toolkit, and a balanced use of these tools can help any compliance programme be more successful.

Oct-Dec 2022 Issue

Sheppard Mullin Richter & Hampton