Last week we had Michelle Fleury, Sr. Director of Supply Chain Operations at Cisco, and Patrick Curry, Director of Privacy and Compliance at McKesson US, discuss how to build a privacy governance program. They covered some of the privacy and security challenges that organizations face today. Specifically, they discussed how data isn’t kept in one place due to the proliferation of networked devices, which leaves organizations struggling with where to start securing their enterprises.
Moreover, organizations may have diverse strategic considerations, such as legal obligations, customer expectations, competitive differentiators, and the risk landscape. To meet these strategic considerations while securing the enterprise, (1) use guiding principles to get through the complexity, and (2) get started now.
(1) Use Guiding Principles.
One such guiding principle is a requirement of the EU GDPR: Privacy by Design. Our panelists shared that getting the business involved very early will help ensure that privacy is included and built in from the beginning. Connect with business stakeholders so that they understand the privacy team’s goals.
(2) Get Started Now.
While the initial program will have to be improved upon, these steps are a starting point:
- Form a multidisciplinary team including privacy and security
- Inventory your data
- Assess your organization’s data protection maturity
- Choose a program framework and set goals
- Collect and connect capabilities and processes
- Identify and prioritize the most significant gaps
- Follow an Agile approach
- Get the word out: people are as important as the technology