Welcome to the privacy field guide
An introduction to the privacy field guide
Imagine that, out of left field, an executive tells you to shepherd your company through the complex quagmire of privacy laws. Or, you receive a new contract from one of your commercial partners and unlike years before, this contract is replete with provisions about complying with privacy laws all over the globe. Or, you land your first privacy job and you are trying to figure out how to distill your knowledge about privacy into actual procedures for privacy compliance.
The first thing you might do is Google the issue. Google returns millions of results and several articles look on-point. Upon further review, however, the articles are unsatisfying. They may give you bread crumbs about privacy law. But they don’t give you any guidance. Absent are references to best practices, drafting guidelines, or implementation frameworks so you can complete the privacy tasks ahead of you.
For example, you might find an article declaring, “You need to hire a data protection officer!” But what skills and expertise are important to that position? How should you find and vet candidates? And what are the consequences for the organization if it fails to appoint someone to that position? None of that is included in the article.
Another article may say, “You need data processing agreements!” But what terms are typical in those contracts? And how do you best negotiate them? You won’t find any mention of how to handle audits, insurance, liability, or indemnity.
After browsing Google, you’ll likely be more frustrated and confused than you were before.
A Privacy Solution
I created the Privacy Field Guide to fill this void. The Privacy Field Guide will serve as a manual for anybody who has added “privacy” to their responsibilities, which includes more and more people as privacy laws expand to touch more areas of business.
Over the next two years, I will build the guide article by article. The entries in the Privacy Field Guide will give you practical guidance so you can solve the privacy problems you face. As a roadmap, the Privacy Field Guide will break entries into the following four categories:
The first section will discuss privacy law generally. Entries in this section will cover different approaches governments take when drafting privacy laws. I’ll discuss how the U.S. and China approach privacy on a sector-by-sector basis and contrast that approach with comprehensive laws like the European Union’s GDPR. I’ll write about how laws are created, enforced, and interpreted by the legislature, executive, and judiciary branches. I’ll discuss the role of regulations, regulatory guidance, implementing rules and regulations, and industry best practices.
The second section will address the legal approach to privacy. I’ll show you how a lawyer dissects the law, determines legal requirements, organizes those requirements, and stays up-to-date with developments in the privacy landscape.
The third section will discuss how to navigate privacy within your organization. I’ll talk about setting privacy goals, creating a roadmap to achieve those goals, crafting project management sheets, and convincing executive management to care about privacy. I’ll also explore how to develop a privacy plan that takes into account costs such as head count, capital investments, time investments, and shared resources.
The final section will address how to implement a privacy program. I’ll cover basics such as setting up a privacy charter that binds executives to your privacy objectives. I’ll talk about establishing a privacy office, including who it reports to and how it connects to divisions throughout your organization. I’ll talk about how to create privacy policies and procedures and a system for demonstrating compliance.
In total, the Privacy Field Guide is the most ambitious effort to date to make privacy law accessible. I’m confident you’ll find it helpful as you navigate this complex and ever-changing field.
- Tomu Johnson, COO Parsons Behle Lab