The challenge of complying with data protection laws is growing more complex, with US states increasingly having their own laws or considering adopting them. This had led many to call for one national data privacy law for the US.
Rich Hale, Chief Technology Officer, ActiveNav hopes that a national law emerges that identifies and normalizes the common threads in the various state requirements. Until then compliance needs to draw out those threads, itself, and provide clear advice on core requirements.
Compliance teams, he advises, also need to resist the temptation to boil the ocean and try to solve all the challenges at once. Instead, as elsewhere, it is better to identify and prioritize the risks. Then, work in partnership with operations to implement effective mitigation plans.
One key area to focus on is identifying what data the organization has and the justification for holding it, including understanding where the data is being used. That is often easier said than done, since many organizations do not have a full appreciation of all the uses of the data. Finding that information, he reports, is both a top-down and bottom-up exercise.
Here, too, prioritization is critical. You need to determine where the data is used most actively, including the unstructured data.
Listen in to learn more about how to get a better handle on your data in the face of regulatory complexity.