Ask a CCO: Company investment in data privacy efforts

Q: What investments has your company made in data privacy compliance efforts?

ARTHUR KIRSTEN: At the end of the day, technology is only as effective as the staff who implement its use. To account for this reality, we opt to invest in people.

With a leadership team boasting more than 100 years of combined experience working in compliance, IT security, and law enforcement, each team is given the benefit of learning directly from a veteran of their industry. By hiring highly qualified staff and providing regular educational and training resources, we seek to protect our product ecosystem by promoting professional development and improving the skill sets of our workforce.

VICTORIA MCKENNEY: Our investments connected to data privacy have largely centered around cybersecurity, as we work to continuously improve the security of our IT environment.

We have also invested resources in data minimization, ensuring that we are only collecting the personal information required for our business and using it only for the purposes for which it was collected. This results in less information to protect and fewer uses to monitor.

KORTNEY NORDRUM: We have a suite of tools, including Practical Law and Westlaw from Thomson Reuters. These two platforms are incredibly helpful with our research into privacy specifics and drafting our privacy program policies and documentation.

We also have some software-as-a-service (SaaS) risk assessment tools, as well as access to outside counsel for expert legal advice.

LISA NORRIS: We have purchased compliance software, have internal staff responsible for monitoring and maintaining our compliance program, and contract with specialized counsel.