Privacy professionals must answer mission-critical questions daily. Is it OK to share data with this strategic third party? Can we deploy this new marketing feature? Can we place this function in the cloud? Can we deploy this new monitoring tool into our workforce environment? Are we required to delete this data, and if so, what does this mean? Do we need to notify regulators and individuals of this event?
Over the years, I’ve observed that highly successful privacy professionals focus on applying privacy law in three dimensions: (1) understanding the meaning of the privacy law by its own terms; (2) assessing the likelihood and severity of the risk associated with the privacy law; and (3) taking into account other competing, non-privacy compliance obligations.