Data Privacy Program Guide

The topic of privacy has become a priority for boards, the executive leadership team, and privacy and security leaders alike. Regulations including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and sector-specific regulations including the Health Insurance Portability and Accountability Act (HIPAA) all require important treatment of personal data, personal information, personally identifiable information and protected health information. Security and privacy are intertwined. As the saying goes, you can have security without privacy, but you cannot have privacy without security. Privacy, like security, is a multi-disciplinary domain that requires insight and collaboration across a host of corporate functions including sales and marketing, legal, IT, HR, and security, among others. Similar to security, privacy has ascended as a C-level function and consequences of poor privacy practices include damaged reputation, regulatory intervention (e.g., a consent order), fines and other financial impacts, and clearly, data breaches when sensitive information is not adequately secured throughout its lifecycle.