Ask a CCO: Roles in data privacy compliance efforts

By Compliance Week2023-02-28T14:00:00+00:00

No comments

Four senior compliance practitioners share their views on the U.S. data privacy landscape and the actions their companies are taking to keep pace with new state laws set to hit the books in 2023. Today’s question:

Q: Who leads/is involved in data privacy compliance efforts at your company?

Meet the CCOs

ARTHUR KIRSTEN

U.S. Head of Compliance

CEX.io

Years in compliance: 20+

VICTORIA MCKENNEY

Deputy General Counsel - Regulatory and Compliance and Deputy CCO

United States Steel Corporation

Years in compliance: 15

KORTNEY NORDRUM

VP, Regulatory Counsel & CCO

Deluxe Corporation

Years in compliance: 9

LISA NORRIS

Director of Compliance

ABB Optical Group

Years in compliance: 17

DISCLAIMER: The views reflected by the practitioners quoted are theirs alone and do not represent the views of their companies.

ARTHUR KIRSTEN: Since 2013, our sound approach to data security has helped offer a safer customer experience. We employ tenured compliance, legal, data protection, and IT security leaders to assess our internal and client-facing initiatives.

When every tech decision, interaction, or process carries a certain level of risk, we ensure all members of the organization have the tools they need to survive and thrive as ethical stewards of the crypto space. To that end, our rigorous anti-money laundering/know your customer (AML/KYC) procedures far exceed industry standards.

All CEX.io employees undergo regular data privacy training to help keep user funds and information safe.

VICTORIA MCKENNEY: Privacy is a core area of responsibility for our compliance department.

We partner extensively with HR, IT, and cybersecurity to implement privacy protections for the personal data we handle, which revolves mostly around employment-related information and benefits. We’ve also worked with our internal business partners to identify and secure customer and supplier data.

KORTNEY NORDRUM: As the CCO, I own privacy at Deluxe.

We partner heavily with our IT, information security, and business teams to ensure the proper policies, controls, and training are in place to meet our privacy obligations.

LISA NORRIS: This is a shared responsibility between myself and the director of compliance and security.

Topics

No comments

Best practices for navigating changing U.S. data privacy landscape

1
Best practices for navigating changing U.S. data privacy landscape
2
Where U.S. federal privacy legislation efforts stand in 2023
3
California ‘setting the tone’ for privacy push with CPRA updates
4
Legacy of CCPA: A blueprint for prioritizing compliance
5
Privacy Shield replacement on track, though hurdles remain
6
Ask a CCO: Plan for complying with varied U.S. privacy laws
7
Currently reading
Ask a CCO: Roles in data privacy compliance efforts
8
Ask a CCO: Company investment in data privacy efforts
9
Ask a CCO: Most difficult element of data privacy compliance
10
Ask a CCO: What matters most in federal privacy law?

Interested in writing for CW?

Compliance Week accepts outside contributions from corporate chief compliance officers and other senior-level GRC practitioners. To learn more, contact Editor in Chief Kyle Brasseur.

Article
ICO warns of ‘complacency’ in fining Interserve $5M under GDPR
2022-10-24T14:29:00Z
The U.K. Information Commissioner warned companies not to ignore “crucial measures” to prevent cyber incidents following his office’s decision to fine construction firm Interserve £4.4 million (U.S. $5 million) for failing to secure employee personal information.
Article
AI monitoring benefits must be weighed against employee skepticism
2022-10-17T15:18:00Z
The EU’s agency for occupational safety and health released a report examining the risks and opportunities of AI-based worker management systems for employee’s physical and mental wellbeing.
Article
U.S. includes surveillance concessions in new transatlantic data flow framework
2022-10-07T21:25:00Z
President Joe Biden’s executive order on a data privacy framework aims to provide a workable, legally resilient solution for companies to continue moving and storing the personal data of EU-based citizens to American-based servers without running afoul of the GDPR.

No comments yet

You're not signed in.

Only registered users can comment on this article.

More Opinion

Article
Silicon Valley Bank risk chief gap glaring post-collapse
2023-03-13T16:58:00Z
For eight months last year, Silicon Valley Bank went without an established chief risk officer. The ramifications of that decision are hard to ignore in the wake of the bank’s hasteful failure.
Article
Ten things I’m excited for at CW National 2023
2023-03-09T13:00:00Z
Ten weeks before Compliance Week National 2023 kicks off May 15 at the JW Marriott in Washington, D.C, CW Editor in Chief Kyle Brasseur shares what he’s looking forward to most at the annual event.
Article
Ask a CCO: What matters most in federal privacy law?
2023-03-03T14:00:00Z
Four senior compliance practitioners provide their opinions on what a federal privacy law in the United States should strive to accomplish.

Conduct a detailed fraud risk assessment

CW’s flagship event returns for its 18th year

Earn CPE credit with Compliance Week

Learn from the latest headlines and protect your company today

Best practices for navigating changing U.S. data privacy landscape

Ask a CCO: Roles in data privacy compliance efforts

Q: Who leads/is involved in data privacy compliance efforts at your company?

Meet the CCOs

Topics

Best practices for navigating changing U.S. data privacy landscape

Best practices for navigating changing U.S. data privacy landscape

Where U.S. federal privacy legislation efforts stand in 2023

California ‘setting the tone’ for privacy push with CPRA updates

Legacy of CCPA: A blueprint for prioritizing compliance

Privacy Shield replacement on track, though hurdles remain

Ask a CCO: Plan for complying with varied U.S. privacy laws