Last week at the Waldorf-Asotria Hotel in New York, Compliance Week gathered 18 compliance executives to talk about the difficulty of privacy regulation today. Almost immediately, one of the participants raised an excellent point about the “Right to Be Forgotten” clause working its way into law in the European Union.
“How is that ever going to work?” this executive blurted out in exasperation. “We have data on people that exists on backup tapes in a basement somewhere. Are we supposed to go scouting around to find that tape and erase it? What about if we have an audit sometime in the future? Am I supposed to tell an auditor or a regulator that I’ve erased a person?”
