Anchor collaboration between IT and risk functions on shared objectives. The evolving regulatory landscape has resulted in a shared objective for information security, privacy, and compliance – trust. IT and risk functions need to work together to establish credibility, demonstrate transparency regarding their use of customer data and give customers more control over their data. Establish ashared agenda with the General Counsel to manage privacy in the digital business.
Embed privacy awareness in existing awareness training programs. As more employees handle sensitive customer data, CIOs at midsized companies should pay attention to the privacy implications of greater customer data exposure. CIOs and GCs should work to embed privacy training and awareness language into existing training that promotes the application of key privacy concepts and keeps employees aware of new and upcoming privacy laws. An effective way to start is to create simple privacy posters that highlight the key elements of the privacy practices.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.