How to Survive the Coming Data Privacy Tsunami

How to Survive the Coming Data Privacy Tsunami

Author, KRISTINA PODNAR is a digital policy innovator. For over two decades, she has worked with some of the most high-profile companies in the world and has helped them see policies as opportunities to free the organization from uncertainty, risk, and internal chaos. Podnar’s approach brings in marketing, human resources, IT, legal, compliance, security, and procurement to create digital policies and practices that comply with regulations, unlock opportunity, strengthen the brand and liberate employees.

 Just as we have gotten used to the idea that the EU’s General Data Protection Regulation (GDPR) is a fact of life and have made modifications in our data collection procedures, the Brazil General Data Protection Law (LGDP), the California Consumer Privacy Act (CCPA), and waves of proposed new data privacy laws are swirling in the calm forewarning of a privacy tsunami heading our way. In the middle of such deep acronym swirls, it could be easy to be overwhelmed. However, all the privacy regulations share a number of commonalities and by addressing these now, you will be on high ground as the waves begin to pound.

The compliance life raft

While you will need to pay attention to the details of individual data regulations as they arise, whether already adopted, pending adoption, or only proposed, all the regulations share certain commonalities that you should consider addressing as part of ongoing operations.

Accountability and governance

At the heart of data privacy requirements is the aim to have organizations develop a plan to self-manage data in a way that respects end users. To address accountability and governance requirements in your organization, consider, have you:

  • Reviewed the applicability and risk to the organization from data privacy issues, and considered alternatives, including insurance, in case you are fined?
  • Mandated that data privacy become part of the policy program, including staff training, measurement, and compliance reporting?
  • Clearly documented roles, responsibilities, and reporting lines to embed privacy compliance

Consent and processing

A fundamental privacy regulation concept is that end users are aware when and why their data is collected, and what happens to it once it’s given. To address these requirements, ask yourself whether you have:

  • Reviewed that the data being collected and used is necessary and for the benefit of completing a desired action by the user?
  • Identified sensitive data and ensured it is treated as such through the use of special encryption or by validating vendor storage practices for sensitive data, etc.?
  • Confirmed that user consent for data collection is clearly captured and documented, and that user data can be modified or erased?

Notifications and data rights

Gone are the days of legalese or simply taking data from users because we can. Data privacy regulations require transparency, user awareness, and forthright behavior by businesses. To ensure you get this right, ask yourself whether the organization has:

  • Written user notices clearly so they can be easily understood—properly targeted to children where relevant—and are reflective of specific data collection and usage purposes?
  • Updated the internal organization’s data privacy policy to clearly state the rights of prospects and customers regarding the collection and processing of their personal data?
  • Created and tested processes to correct and delete all user data if needed?
  • Developed a solution to give users their data in a portable electronic format?

Privacy design

Organizations that treat privacy as a core design principle will always be in alignment with data privacy regulations. In my consulting experience, I see many self-disciplined organizations that have historically had good privacy practices and have little to address with each new law. To get to that state, ask whether you have:

  • Created or updated the policy and associated process to embed privacy into all technology and digital projects, including those outsourced to vendors and partners?

Data breach notification

For many organizations, the question nowadays isn’t whether the organization will have a breach, but rather when will it happen and how will they respond. To address regulatory breach aspects, ask whether the organization has:

  • Created (or reviewed and updated an existing) data breach policy and response plan to reflect detection, notification, and the actions to mitigate loss?
  • Considered and obtained insurance for a possible data breach and regulatory penalties that the organization may face but not be able to handle on its own?
  • Incorporated data breach terms and requirements into all vendor and third-party contracts?

Data localization

New data privacy regulations state where data physically must be stored, and if transferred to another country, what are the requirements for doing so. Your organization will be well positioned to meet this requirement if it can answer:

  • Have we identified and updated all cross-border data flows from the country where the data is collected, and reviewed data export for on-premise and cloud solutions?

Children’s online privacy considerations

Data privacy regulations are concerned with end users, but  are even more strict about children and their online data protection and rights. It is best to get ahead of these issues by asking whether the organization has:

  • Defined what data it collects from children, whether as a business practice or through efforts like “take your child to work day”?
  • Are user notifications and online privacy statements written in a way that a child could understand them, and do they state that parental consent is required?

Contracting and procurement

Most businesses may struggle to understand exactly what personal user data is collected via websites, mobile applications, and other digital platforms, especially through third-party software solutions and vendors. To make sure that your organization isn’t caught out, ask whether you have:

  • Reviewed and ensured that all vendors, customers, and third-party agreements reflect data regulatory requirements?
  • Defined procurement processes such that privacy is integrated into all products and services the organization buys, including regarding data minimization, the visibility of onward data flows, and data ownership?

 

Not only shattered the glass ceiling, but shattered the sky!

CONTRIBUTING WRITER, LEIGH ELMORE.  LEIGH SERVES AS THE EDITOR -AT-LARGE FOR ABWA’S WOMEN IN BUSINESS MAGAZINE AND ACHIEVE NEWSLETTERS.

Pioneering Astronomer Nancy G. Roman was  “Mother of the Hubble Space Telescope.  Nancy Roman knew from a very early age that she wanted to be an astronomer. Her greatest challenge was convincing the world that she could be a very good one. Overcoming traditional gender roles in the scientific community was almost as daunting a challenge as paving the way for the Hubble Space Telescope, an achievement for which she is most remembered. Roman, known as the “Mother of Hubble,” passed away on Christmas Day 2018 at the age of 93. She was NASA’s first chief of astronomy and one of the first women executives for the agency. Her achievements will live on

Her family moved around the country frequently when she was growing up. Roman cited both of her parents’ interest in the natural world—and her time beneath the clear night skies of Reno, Nevada—as an inspiration for her early interest in astronomy. Fueled by a fascination for the stars, she began her own astronomy club with a group of neighborhood girls when she was 11 years old. Though she knew she wanted to be an astronomer by the time she entered high school, her guidance counselor, who belittled her desire to take mathematics instead of Latin, discouraged her.

A promising student at Swarthmore College, Roman still had to ignore warnings from the Dean of Women and other teachers about studying science, ultimately earning her B.A. in Astronomy in 1946. She later recalled that the only encouragement she was given during her undergraduate years was by a teacher who told her, “I usually try to dissuade girls from majoring in physics but I think maybe you might make it,” National Geographic has reported

Roman went on to receive her Ph.D. in Astronomy at the University of Chicago in 1949, where she worked for six more years at the Yerkes Observatory as an instructor and assistant professor.

Seeing little chance for tenure as a woman, Roman took a position at the U.S. Naval Research Laboratory in Washington, D.C. where she eventually won the trust of her peers and began to work in radio astronomy, geodetics, and microwave spectroscopy.

She attended a lecture on the origin of the moon given at the newly formed National Aeronautics and Space Administration in the late 1950s where she was presented with the opportunity to work for NASA and set up a program in space astronomy.

As she told National Geographic, “The idea of coming in with an absolutely clean slate to set up a program I thought was likely to influence astronomy for 50 years was just a challenge that I couldn’t turn down. That’s all there is to it.”

She dedicated her time at NASA to promoting, initiating and supporting in-space observation, from satellites to the Scout probe. In 1964, her name was even given to a newly discovered asteroid, 2516 Roman.

But Roman’s crowning achievement at NASA was perhaps the greatest gift ever given to astrophysics: the Hubble Space Telescope, the groundbreaking satellite observatory that has generated more than 1.2 million observations and 14,000 scientific papers. Roman tirelessly laid the foundation that eventually made NASA’s space-based observatory a reality.

She retired from NASA in 1979 having prepared the way for Hubble’s eventual launch in 1990. “My work helped others explore the evolution of the galaxy,” she told National Geographic. “I did not let the fact that I was a woman deter me.”

Source: National Geographic, Dec. 31, 2018

3 Tips for Leading a Successful Entrepreneurial Life

3 Tips for Leading a Successful Entrepreneurial Life

The life of an entrepreneur – or at least the idea behind that life – can seem enticing to just about everyone.   You launch a new enterprise that makes millions – and maybe even changes the way people lead their lives.  But why do some people follow through on such visions with great fanfare and success, while others fail miserably – or never follow through at all?

“There’s just this mindset that the very best entrepreneurs have that positions them for success when others around them are struggling and unable to stay the course,” says Peter J. Strauss (www.peterjstrauss.com), an attorney, entrepreneur and author of the upcoming book The Accidental Life.

Strauss says that anyone who is feeling the entrepreneurial tug, and wants to mimic the most successful entrepreneurs, would do well to consider these three points:

  • Remember that fortune favors the bold. On the outside entrepreneurs may appear confident and assured in their actions, ready to take the steps needed to achieve success without hesitation. In reality, Strauss says, most successful entrepreneurs have a voice inside them imploring them to wait, to not take that chance. The difference between them and others is they ignore that inner voice. “In my career, I tried to prepare myself as best I could for my next step, but I always had to take a leap of faith to some degree,” Strauss says. “There’s never going to be perfect time or situation that is a guaranteed win. For any significant opportunity, there is always a risk.”
  • Take the “life gives you lemons” approach. Things don’t always work out the way we hope, but that doesn’t mean you have to accept defeat. Strauss points out that Steve Jobs was once fired by the board of the company he founded. “Steve Jobs easily could have decided that his life as an entrepreneur was not meant to be,” Strauss says. “Instead, he built another company and eventually found himself back at the helm of Apple. Jobs knew that whatever happened, his was not going to be a story of failure.” It’s inevitable that life will throw you curveballs, he says, so learn to hit them. “The good news is that adaptability can be learned,” Strauss says. “The more you train yourself to see possibility in the curveballs, the more you will adapt to hitting singles, doubles and even home runs.”
  • Understand the “family” connection. Businesses often describe their organizations as “family.” Sometimes that’s just lip service, Strauss says, but in the best corporate cultures the team respects one another and holds each other accountable – much like a family. “If you are in a leadership position, it’s up to you to instill this mindset and to be the role model for it in your company,” he says. He even discovered that the business family he created as an entrepreneur helped make him a better parent. “If I don’t set clear goals and expectations at work, I can’t be disappointed or surprised when my team falls short,” he says. “The same holds true at home. Framing expectations as a dialogue will make your family and your team feel valued.”

“Ultimately, no matter the obstacles, entrepreneurs just find a way to persevere and get the job done,” Strauss says. “But that doesn’t mean it’s always easy. There are real risks involved. People rarely see all the ins and outs and ups and downs of what it takes to reach a place where you feel real success.”

About Peter J. Strauss

Peter J. Strauss (www.peterjstrauss.com) is an attorney, entrepreneur and author of several books, including the soon-to-be-released The Accidental Life. He is the founder and managing member of The Strauss Law Firm, LLC, on Hilton Head Island, S.C, and also the founder and CEO of Hamilton Captive Management, LLC. He is a graduate of the New England School of Law and of Harvard Business School’s Owner/President Management program.

Confused

If this is easier, I must be terribly computer challanged! It may become easier as time goes by, but at this time I find it really confusing. I have attempted to add events, and it hasn’t happened. I have attempted to add pictures, and that hasn’t happened either. I get frustrated, and then just qut.