The Big 3 in Privacy: Privacy Notices/Policies, Data Processing Agreements/Addenda, and Written Information Security Programs (WISPs)

1) Does your business have internal and external privacy notices/policies based on templates you created rather than “borrowed”?

2) Does your business have data processing agreements with all service providers who process personal information on your behalf and for whom you process personal information?

3) Does your business have a written information security program in place?

4) Has your business reviewed its privacy practices in light of new laws within the past two years?

If you answered no to any of these questions, this webinar is for you. We’ll walk you through the Big 3: Privacy Notices/Policies, Data Processing Agreements/Addenda, and Witten Information Security Programs (WISPs).

There are three trends emerging in privacy law: (1) more and more countries and states are enacting privacy laws, (2) more and more fines are being assessed for noncompliance with the laws, and (3) more and more lawsuits are being filed for noncompliance. And it’s not just big businesses who are at risk – in the European Union and the UK, for example, many fines have been assessed against small businesses. While some businesses will not meet the thresholds under certain state laws for the particular law to apply, others (e.g., the European Union, the UK) typically do not have any thresholds. And  even if you think a foreign law would not apply to you because you don’t do business there, it might if you capture analytics information such as IP addresses of individuals located in those places.

In any event, it is a best practice to have both external (for customers, website visitors, etc.) and internal (for employees and affiliated persons) privacy notices/policies in place because they provide a degree of comfort for those whose personal information is being processed, and in the event there is a privacy law that does apply, having a robust privacy policy in place will help to minimize ramifications of incomplete compliance. Also, if you are sharing personal information with others, it is critical that you have proper agreements in place requiring the recipients of that information to protect it appropriately. Furthermore, one of the common reasons for fines to be assessed is lack of proper administrative/organizational, physical and technical security measures being in place to protect the personal information being processed. Addressing these three key areas can help to minimize your businesses’ liability in this rapidly evolving area of the law.

Speaker: Attorney Douglas Verge