As a privacy officer in your organization it is your responsibility to ensure compliance with privacy legislation.
This means that you should have a thorough understanding of which privacy legislation applies to your organization and how it applies. Not only that, but you should also understand what privacy legislation applies to your key stakeholders, including your suppliers, service providers and clients.
This can seem like a daunting task for new privacy officers, especially if the role of the privacy officer is new in your organization and there is no training material to help you get started.
Depending on the privacy legislation that applies to your organization, there may already be free privacy resources online that can help your organization with compliance. For example, The Office of the Privacy Commissioner of Canada, UK’s Information Commissioner’s Office, and PrivacySense all offer free privacy resources.
But while these resources are helpful for summarizing key points of privacy legislation, it does not mean you can avoid reading privacy legislation in full. On the contrary, because you are responsible and accountable for privacy compliance within your organization, it is to your benefit to read and understand privacy legislation line-by-line. After all — it’s your job!
Know What Privacy Legislation Applies to Your Organization
Depending on your organization’s line of business, where it is located, whether it operates in the private or public sector and its flow of personal information, different privacy legislation may apply. With some basic online research you should be able to quickly find out what privacy legislation applies to your organization.
If your organization has a wide geographic presence, multiple offices around the world, or collects, uses, or discloses personal information across borders, it may be subject to different pieces of privacy legislation. In these more difficult scenarios, it may be wise to consult with a privacy lawyer.
Know What Privacy Legislation Applies to Your Key Stakeholders
In addition to understanding what privacy legislation applies to your organization, it is also equally important to understand what privacy legislation applies to your key stakeholders, including your suppliers, service providers and clients.
If your suppliers transfer personal information to your organization, you may be required to sign a contract agreeing to provide a comparable level of privacy protection or dispose of the personal information after a certain time period. You should not be caught off guard.
Your Service Providers
If you transfer personal information to a third party service provider, most privacy legislation will require that your provider have a comparable level of privacy protection.
Furthermore, some of your clients may be governed by different privacy legislation that can impose certain obligations on your organization.
As a privacy officer, it is your responsibility to be knowledgeable and answer any client inquiries that may come your way. Understanding your clients’ privacy legislation, at least on a basic level, will let your clients know that your organization is serious about privacy.
How to Understand Privacy Legislation
Now that you understand the importance of knowing what privacy legislation applies to your organization and its key stakeholders, it’s time to finally read it.
Privacy legislation can be found online by doing a simple Google search or by visiting the website of the privacy authority if one exists in your geographic area. For example, you can Google for Canada’s PIPEDA or UK’s Data Protection Act.
Start by printing out the privacy legislation — you will want a hard-copy to store later for easy access. Grab a highlighter, a pen, and start going through legislation slowly, highlighting relevant sections, making notes, and ensuring you understand everything.
After going through the legislation you may realize that your organization is not compliant in certain areas. As a privacy officer, it is your responsibility to look into any areas of non-compliance, document them, and work towards total organizational compliance.
Whenever possible, supplement your reading with online privacy resources such as those available at PrivacySense and other websites specific to your industry. This will help reinforce both your learning and memory retention.
As months pass, you may find that details from your memory slip. Review legislation, your notes, and online privacy resources whenever possible to ensure that your knowledge and proficiency does not fade away with time.