Comprehensive privacy laws have been enacted worldwide, from the GDPR in Europe, to numerous US state laws such as the CCPA/CPRA in California and the VCDPA in Virginia, to the LGPD in Brazil, the Act on the Protection of Personal Information (APPI) in Japan, and the proposed new privacy legislation in Canada (as well as the current PIPEDA and province-specific laws).
While these laws differ in their semantics, they are generally built on 6 core principles:
Access – Letting people access their personal information
Correction – Correcting personal information that you keep
Deletion – Deleting personal data when you receive a request from a data subject
Portability – Transferring personal information (on request) to another source, for example, to another telecom provider
Opt-in & Opt-out – Offering data subjects the option to consent (opt-in) and also allowing them to withdraw their consent at any time (opt-out), or, in some cases, just allowing an opt-out (this is one of those areas where you should ask your local data privacy lawyer)
Notice – Telling people what personal information you collect, use, retain and disclose.
Each of these principles can be promoted through good information governance practices.
For example, understanding where your data is located and which versions of data you hold (and which are the correct ones) significantly increases the chances that you will be able to comply with access, correction and deletion requests, and will also help you find the data that you need when transferring it to another service provider.
Also, having strong cross-team compliance dialogue that includes both legal and IT can help you to source the right solutions and craft the right language to enable you to comply with notice and opt-in/opt-out requirements!
Finally, a lot of redundant, obsolete and trivial data (ROT) still contains personal information, and IG helps you to find and eliminate that data quickly!
OK, now back to managing that data…and, looking forward to hearing from you!