Four senior compliance practitioners share their views on the U.S. data privacy landscape and the actions their companies are taking to keep pace with new state laws set to hit the books in 2023. Today’s question:
Q: What investments has your company made in data privacy compliance efforts?
Meet the CCOs
ARTHUR KIRSTEN
U.S. Head of Compliance
CEX.io
Years in compliance: 20+
VICTORIA MCKENNEY
Deputy General Counsel - Regulatory and Compliance and Deputy CCO
United States Steel Corporation
Years in compliance: 15
KORTNEY NORDRUM
VP, Regulatory Counsel & CCO
Deluxe Corporation
Years in compliance: 9
LISA NORRIS
Director of Compliance
ABB Optical Group
Years in compliance: 17
DISCLAIMER: The views reflected by the practitioners quoted are theirs alone and do not represent the views of their companies.
ARTHUR KIRSTEN: At the end of the day, technology is only as effective as the staff who implement its use. To account for this reality, we opt to invest in people.
With a leadership team boasting more than 100 years of combined experience working in compliance, IT security, and law enforcement, each team is given the benefit of learning directly from a veteran of their industry. By hiring highly qualified staff and providing regular educational and training resources, we seek to protect our product ecosystem by promoting professional development and improving the skill sets of our workforce.
VICTORIA MCKENNEY: Our investments connected to data privacy have largely centered around cybersecurity, as we work to continuously improve the security of our IT environment.
We have also invested resources in data minimization, ensuring that we are only collecting the personal information required for our business and using it only for the purposes for which it was collected. This results in less information to protect and fewer uses to monitor.
KORTNEY NORDRUM: We have a suite of tools, including Practical Law and Westlaw from Thomson Reuters. These two platforms are incredibly helpful with our research into privacy specifics and drafting our privacy program policies and documentation.
We also have some software-as-a-service (SaaS) risk assessment tools, as well as access to outside counsel for expert legal advice.
LISA NORRIS: We have purchased compliance software, have internal staff responsible for monitoring and maintaining our compliance program, and contract with specialized counsel.
Best practices for navigating changing U.S. data privacy landscape
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
Currently reading
Ask a CCO: Company investment in data privacy efforts
- 9
- 10
No comments yet