Four senior compliance practitioners share their views on the U.S. data privacy landscape and the actions their companies are taking to keep pace with new state laws set to hit the books in 2023. Today’s question:

Q: What investments has your company made in data privacy compliance efforts?

Meet the CCOs

Arthur Kirsten


U.S. Head of Compliance

Years in compliance: 20+



Victoria McKenney


Deputy General Counsel - Regulatory and Compliance and Deputy CCO

United States Steel Corporation

Years in compliance: 15



Kortney Nordrum


VP, Regulatory Counsel & CCO

Deluxe Corporation

Years in compliance: 9



Lisa Norris


Director of Compliance

ABB Optical Group

Years in compliance: 17



DISCLAIMER: The views reflected by the practitioners quoted are theirs alone and do not represent the views of their companies.

ARTHUR KIRSTEN: At the end of the day, technology is only as effective as the staff who implement its use. To account for this reality, we opt to invest in people.

With a leadership team boasting more than 100 years of combined experience working in compliance, IT security, and law enforcement, each team is given the benefit of learning directly from a veteran of their industry. By hiring highly qualified staff and providing regular educational and training resources, we seek to protect our product ecosystem by promoting professional development and improving the skill sets of our workforce.


VICTORIA MCKENNEY: Our investments connected to data privacy have largely centered around cybersecurity, as we work to continuously improve the security of our IT environment.

We have also invested resources in data minimization, ensuring that we are only collecting the personal information required for our business and using it only for the purposes for which it was collected. This results in less information to protect and fewer uses to monitor.


KORTNEY NORDRUM: We have a suite of tools, including Practical Law and Westlaw from Thomson Reuters. These two platforms are incredibly helpful with our research into privacy specifics and drafting our privacy program policies and documentation.

We also have some software-as-a-service (SaaS) risk assessment tools, as well as access to outside counsel for expert legal advice.


LISA NORRIS: We have purchased compliance software, have internal staff responsible for monitoring and maintaining our compliance program, and contract with specialized counsel.