Home » All Great Easy Ways To Save Tax And Good Deductions » Have Your Privacy Policies Kept Up with Your Digital Transformation?

The Best Sellers

COVID-19 Solutions & Effective Tips


The Greatest Emergency Virus Surviving 10 Steps Guide

Risk Responses COVID-19 Solutions


For Use When Travel FIRST AID KIT


Amazon Impress Gifts 50% Off HOLIDAYS&CHRISTMAS Only!


RSS Top Internet Today News

THE Best Sellers

Amazon Best Sellers

Arts & Entertainment

 Body Art
 Film & Television
 Magic Tricks


 Latin America
 Middle East
 Specialty Travel
 United States


 Individual Sports
 Martial Arts
 Other Team Sports
 Outdoors & Nature
 Racket Sports
 Water Sports
 Winter Sports
 Extreme Sports

Betting Systems

 Casino Table Games
 Horse Racing

Spirituality, New Age & Alternative Beliefs


Business / Investing

 Equities & Stocks
 Foreign Exchange
 International Business
 Management & Leadership
 Marketing & Sales
 Personal Finance
 Real Estate
 Small Biz / Entrepreneurship
 Careers, Industries & Professions

As Seen On TV

 Backyard Living
 Health and Beauty
 Kitchen Tools and Gadgets

E-business & E-marketing

 E-commerce Operations
 E-zine Strategies
 Email Marketing
 Market Research
 Niche Marketing
 Paid Surveys
 Pay Per Click Advertising
 Social Media Marketing
 Blog Marketing
 Video Marketing
 Classified Advertising
 Affiliate Marketing
 Article Marketing

Employment & Jobs

 Cover Letter & Resume Guides
 Job Listings
 Job Search Guides
 Job Skills / Training




 Console Guides & Repairs
 Strategy Guides

Green Products

 Alternative Energy
 Conservation & Efficiency

Computers / Internet

 System Analysis & Design
 Email Services
 Operating Systems
 System Administration
 Web Hosting
 Web Site Design

Cooking, Food & Wine

 Drinks & Beverages
 Regional & Intl.
 Special Diet
 Special Occasions
 Vegetables / Vegetarian
 Wine Making


 Sign Language


 Test Prep & Study Guides
 Student Loans
 Higher Education
 Educational Materials

Home & Garden

 Animal Care & Pets
 Crafts & Hobbies
 Gardening & Horticulture
 How-to & Home Improvements
 Interior Design


 Developer Tools

Health & Fitness

 Women's Health
 Spiritual Health
 Strength Training
 Dietary Supplements
 Dental Health
 Diets & Weight Loss
 Exercise & Fitness
 Men's Health
 Mental Health
 Sleep and Dreams

Software & Services

 3D Printing
 Internet Tools
 Anti Adware / Spyware
 Background Investigations
 Developer Tools
 Digital Photos
 Foreign Exchange Investing
 Graphic Design
 MP3 & Audio
 Operating Systems
 Other Investment Software
 Personal Finance
 Registry Cleaners
 Reverse Phone Lookup
 Screensavers & Wallpaper
 System Optimization
 Web Design


 Time Management
 Stress Management
 Dating Guides
 Eating Disorders
 Male Dating Guides
 Marriage & Relationships
 Motivational / Transformational
 Personal Finance
 Public Speaking
 Self Defense

Parenting & Families

 Pregnancy & Childbirth
 Special Needs


 Gay / Lesbian
 Catalogs & Directories
 Consumer Guides
 Law & Legal Issues
 The Sciences

Politics / Current Events


Have Your Privacy Policies Kept Up with Your Digital Transformation?

Have Your Privacy Policies Kept Up with Your Digital Transformation?

For every business that shifts operations online, there are potential privacy pitfalls that will prove very damaging if mismanaged. As new regulations are set to go into force in the United States, the stakes for getting this pivot right are higher than ever before. The Covid-19 pandemic is accelerating digital transformations, and companies should consider implementing these four privacy-focused measures: 1) Check how your vendors and partners use customer data, 2) Perform impact assessments to monitor risk, 3) Strive for clarity in your privacy policy, and 4) Designate a data protection officer.

We’ve made our coronavirus coverage free for all readers. To get all of HBR’s content delivered to your inbox, sign up for the Daily Alert newsletter.

For companies everywhere, Covid-19 has expedited digital transformation at almost unimaginable speed. In an effort to survive and get back to business safely, companies have rapidly adopted services such as contactless payment, click-and-collect applications, and enhanced customer relationship management. These transitions are vital for business to continue, but each also introduces new risks. For every business that shifts operations online, there are potential privacy pitfalls that will prove very damaging if mismanaged, and as new regulations are set to go into force in the United States, the stakes for getting this pivot right are higher than ever before.

Across industries, teams with expertise in real-world spaces are rushing into digital ones where they’re novices and pumping huge amounts of user data into new systems. In the restaurant industry, establishments are scrambling to build new online ordering and delivery infrastructure or to partner with companies who already offer those services. In higher education, institutions faced with missing out on a year’s tuition fees are rapidly migrating their entire curriculum online, and rushing to digitize everything from online teaching to student health records. In the live events space, production veterans are being asked to migrate their well-established processes online and into new cloud technologies. In each case, these changes carry the risk that reams of personal data will be mismanaged and vulnerable to exposure.

This situation raises two major challenges for many businesses: First, they need to make quick decisions on procuring new technology: building online storefronts, implementing communications platforms that process customers’ personal data, and more. Second, they lack experience with data processing infrastructure, or even technology in general. That adds up to teams making quick decisions on the use of technology systems they don’t know much about. There might be an understandable temptation to treat privacy concerns as a secondary issue — one that can be addressed after the immediate crisis — but that would be a mistake, and one which would place companies at elevated risk of monetary fines, class-action lawsuits, and PR headaches.

There’s been growing regulatory pressure on both sides of the Atlantic. The General Data Protection Regulation (GDPR) in Europe, which was implemented in May 2018, and the California Consumer Privacy Act (CCPA) in the United States, which becomes enforceable by law on July 1 (impacting any company with a presence in California and over $25 million in annual revenue), contain stringent protocols for the management of user data, and both threaten steep fines for businesses that get data wrong. Particularly in the United States, there’s little reason to think that regulators will meaningfully relax standards because of the pandemic. California Attorney General Xavier Becerra has been unambiguous in his intent to press forward on implementing CCPA, stating: “We’re committed to enforcing the law starting July 1. We encourage businesses to be particularly mindful of data security in this time of emergency.”

The good news is that managing privacy concerns doesn’t have to be yet another daunting task on top of the already Herculean feat of moving large parts of your business online. There are a number of simple, meaningful steps you can take to minimize the risk of a privacy breach. To make your rapid digital transformation as safe as reasonably possible in the coming months, consider implementing these privacy-focused measures. Each can be done independently, but if your business can tick all four of these boxes, you’ll greatly mitigate privacy risk:

Businesses may be tempted to rush into contracts with third-party vendors who promise “plug-and-play” solutions to a number of digital transformation challenges. And while companies may be aware that they must review any Data Processing Agreements (DPA) during procurement, there is a tendency to underestimate the consequences of skipping this step. Under CCPA and GDPR, a business can be held financially liable for failure to perform due diligence on third parties that process customer data — in fact, this was the scenario that led to Marriott Hotel Group being fined $123 million by ICO in 2019.

Your key focus when reviewing vendor DPAs should be ensuring they’re privacy compliant and that their data policies align with your business’s stated data policies — otherwise a business runs the risk of violating their own privacy policy. Additionally, check the language about subcontractors in any vendor DPA. There should be assurance that vendors won’t subcontract to another processor unless explicitly instructed by your business to do so. This ensures your business is legally protected if a vendor unilaterally offloads data duties to a non-compliant third party.

Impact assessments for data processing are required in many cases by GDPR, but not required by the CCPA. However in times of frenetic change, implementing basic risk assessments for data activities — however tedious — forces businesses to think critically before making a potentially damaging decision on issues like data storage, subcontracting, and more. Furthermore, in the event of being charged with a privacy violation, a paper trail demonstrating proactive steps to mitigate risk reads favorably to regulators.

The UK’s Information Commissioner’s Office provides a free data protection impact assessment template that will set your business on the right track to accurately assessing privacy risk, whether you’re based there or not.

As key stakeholders reevaluate privacy policies ahead of CCPA enforcement, consider how the document reads. Your goal is to make this policy accessible to all of your customers — not just those fluent in legalese. You might think you’re covering yourself by including phrases wide open to interpretation to prepare for any future regulatory requirement, but your priority should be to help your increasingly privacy-savvy customers understand your policy and trust your company. Slack’s privacy policy shows that thoroughness doesn’t have to come at the expense of clarity for readers.

No matter a business’s size, centralizing responsibility for data decisions is preferable to diffusing responsibility across multiple departments. That is truer than ever during times of rapid change. DPOs serve as a focal point for privacy concerns within an organization and a vital liaison to regulatory bodies while the character of privacy law enforcement remains ambiguous. Even if the person lacks privacy experience, empowering a single set of eyes to focus on privacy is a quick, cost-conscious way to de-risk.

As stated at the outset, managing rapid digital transformation well can require taking risky action. But in the current climate, depending on regulatory largesse is an unnecessary risk for businesses when they can take simple, process-driven steps to shore up privacy.

Data privacy implementation exhibits many features of the economist’s “time inconsistency” dilemma – it’s too soon to do it until it’s too late. And as we’ve seen in the last few weeks, “too late” can mean a serious stumble at a critical business juncture.

If our free content helps you to contend with these challenges, please consider subscribing to HBR. A subscription purchase is the best way to support the creation of these resources.

Cillian Kieran is the CEO and founder of privacy company Ethyca. A background in software engineering and two decades spent leading large-scale data programs for Heineken, Sony, Dell, and Pepsi convinced him there was a better way to build privacy deep into large technology systems. Now, Ethyca powers privacy for global brands like Away, Slice, and AspireIQ.

Have Your Privacy Policies Kept Up with Your Digital Transformation?

Research & References of Have Your Privacy Policies Kept Up with Your Digital Transformation?|A&C Accounting And Tax Services

Leave a comment