• HOME
• WORLDWIDE
• PROGRAMS
• EVENTS/FORUMS

• PRODUCTS
• Publications
• Executive Action
• Research Reports
• Key Findings
• PowerPresentations
• Working Papers
• Periodicals
• Articles
• BoardEurope
• BoardIndia
• Business Cycle
  Indicators
• CEO Confidence Survey
• Consumer Confidence
  Survey
• StraightTalk
• Annual Essays
• Books
• Sponsored Research
• Our Magazine
• Organization Charts
• Ask The Library
• Podcasts

• OUR WEBSITE
• Contact Us
• Press
• Help
• Site Map

Board Europe - March/April 2008

Privacy & Data Protection Raise Challenges for Firms

The legislative and reputation risks involved in privacy protection are evolving rapidly. With the increase of surveillance and electronic data-storage, privacy is becoming a hot issue for businesses. Consumers, meanwhile, are holding companies to high standards when it comes to protecting their personal data.

"Data protection laws are no longer just a European concern," says Stewart Dresner, Chief Executive of Privacy Laws & Business (www.privacylaws.com), an independent international privacy law information service provider. Globally, countries are adopting laws that define a right that personal data be kept accurate, up-to-date and safe.

"Privacy regulators' inspections and audits are becoming more methodical and coordinated, and the criminal and civil penalties for non-compliance with privacy laws are getting stronger," warns Dresner. In areas of the world with long-standing data-protection laws, investigators are working with other regulatory agencies to organize broad, sometimes even pan-European audits. Likewise, the costs of financial sanctions can be inflated by the negative publicity companies may face if confronted by a privacy violation.

A recent survey conducted by Privacy Laws & Business found that half of its sample of major multinational companies had no data breach policy in place. This presents a major risk and could attract the attention of regulators who are less likely to audit when responding to complaints or sectoral problems, if they know that an organization has implemented and tested internal data protection measures, according to Dresner. A breach within the framework of a stated policy is much more likely to be viewed as an individual problem - without a policy, companies cannot count on that benefit of doubt, he says.

So, what should you do? Dresner urges companies to make this a priority. Appoint a privacy manager that reports to your general counsel and takes responsibility for creating and monitoring an effective global data protection policy. "Take a census of the personal data that your organization collects, processes, uses, stores and disposes of".

Many scandals have erupted from documents improperly shredded or computers left with data undestroyed. And remember, these issues apply to all today's technology — not only desktop computers but also PDAs, USB disks and mobile phones. Recognize that most audits are spurred by employee or customer complaints and that a proactive approach is the best way to mitigate privacy risks.

Back to Board Europe

home   about us   contact us   press   help   site map   terms of use   privacy policy ©2008 The Conference Board Inc. The Conference Board torch and logo are registered trademarks of The Conference Board Inc.