- Gaining efficiency through teamwork
- 7 tips to improve collaboration
- Increase customer trust with better privacy practices
Read more below.
Teamwork: Your Superpower for Navigating Privacy Regulations
Incident response requires a company-wide effort — including privacy, security, compliance, IT, business development, and even board members. “The real challenge is to be able to work together as a team when the pressure cooker of a crisis [hits],” states Deborah Rimmler, counsel with Dentons Law Firm.
In 2021 Privacy Regulations: The Complexity Endures, Rimmler discusses the ever-changing landscape of privacy regulations, the intersection of privacy regulations with security and compliance, and the importance of collaboration. She talks with Doug Kruger, vice president of business development at RadarFirst, in the latest installment of The Privacy Collective.
Collaboration between privacy, security, and compliance is essential in navigating the complexities of privacy regulations. In the recorded session, Rimmler stresses that working together is important for an organization’s resilience. When you get along with people, she says, you’re naturally collaborating to create workable policies and processes: “I really enjoy the operational challenges…trying to come up with practical solutions to the evolving privacy requirements and collaborating with security, IT, and business teams.”
Working Together Under Pressure
When it comes to incident response, each team has its own set of pressures. Privacy teams are stressed about whether personal data has been compromised and notifying the appropriate people within prescriptive timeframes in the case of a notifiable incident. Meanwhile, security teams are working on containing the incident and restoring access, “In my experience, most IT people are like [super]heroes, they are like Spider-Man. They are saving their neighborhood network.”
Rimmler encourages that organizations “come at privacy and security, not from a checkbox compliance standpoint, everybody in their own silos, but really from a team that’s working together.”
How can organizations improve collaboration among privacy, security, and IT teams? Here are the highlights and specific tips from Rimmler:
- Get out of your silo. Learn what’s important to your colleagues. “It’s really important to get teams working together…outside of their own silo in a cross-functional way.”
- Do tabletop exercises. Practice how you’re going to work with your team before an actual incident occurs and do it more than once a year.
- Update your risk assessment vectors. Threats and technology are constantly evolving. “To be effective, a risk assessment cannot be sitting on a shelf.” Collaboration across departments can help teams think outside the box.
- Involve your board. Find interesting ways to educate your leaders so you can hold them accountable. “Privacy is becoming a business priority…I think it’s easier to start quantifying privacy issues with boards.”
- Reasonableness. It’s easy to get overwhelmed with data security duties, but the reasonableness standard is found in most regulations.
- Not a one size fits all. “Every organization is different, it’s grown differently, it’s got a different risk profile. How you secure that organization really can be done in a variety of different ways in accordance with a variety of different standards.”
- Incorporate privacy by design principles. “Whatever you’re doing going forward, collect as little data as possible. And make sure you’re getting rid of it as soon as you can.”
“You’re going to increase your customer trust by having better security and privacy practices,” Rimmler states. With technology evolving, and geotracking and biometrics expanding, privacy issues will only intensify. More data means more privacy issues, creating a huge attack surface. “I just think savvy privacy — even if the regulations get a little more streamlined — is always going to be super complicated,” says Rimmler.
The bottom line: privacy professionals know all too well that incidents are here to stay. But with a collaborative incident response process, teams can speed time to resolution and reduce risks to save the world from fragmented and inefficient methods. When it comes to incident response, it takes people with superpower skills, collaboration, and a secret weapon. Think of Radar as that secret weapon. It streamlines compliance with data breach notification regulations. If you can minimize privacy compliance and cut your incident response efforts in half, that’s the best superhero accessory — better than a cape, ring, lasso, or web — any day.