A step-by-step guide to addressing corporate data privacy and security (Part 3)

The third and final article in a three-part series aimed at assisting companies in implementing a data privacy and security program

This is the third and final article in a three-part series aimed at assisting companies in implementing a data privacy and security program. The first article addressed the importance of adopting such a program, how to put together a good data privacy and security team, cataloging your company’s data and devices, and understanding the data security risks your company faces. The second article discussed limiting data collection and retention practices to your business’s needs, safe disposal methods, securing the data your company collects, monitoring for potential breaches, sharing data with third parties, employee training and employees’ use of personal devices at work.

Adopt a written privacy policy that accurately reflects your company’s practices

Document your company’s data privacy and security program

The best defense to a class action lawsuit sparked by a data breach is a well-articulated, well-reasoned and fully implemented data privacy and security program that outlines all policies and procedures impacting data privacy and security. When drafting the program, keep in mind its purpose: to educate regulators, rebuff plaintiffs’ attorneys and inform other third parties about the extensive efforts your company undertook to craft a robust data privacy and security program. Not only is sensitive data at risk, but so too is your company’s reputation for taking seriously its obligation to protect sensitive data. Be sure to involve legal counsel in drafting the program to ensure it complies with the patchwork of laws in the United States and any other country where your company does business. Once the program is in place, revisit it periodically to make sure it remains current in light of changes within your company and evolving data security risks.

Contributing Author

author image

Todd C. Toral

Todd C. Toral is a partner with DLA Piper LLP (US) in San Francisco, where he litigates complex business disputes in state and federal courts...

Bio and more articles

Contributing Author

author image

Kathleen S. Kizer

Kathleen S. Kizer is an attorney with DLA Piper LLP (US) in San Francisco, where she litigates complex commercial disputes in state and federal courts...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.