Risk Assessments Lessons Learned, Part II: Privacy

A number of laws and regulations - in the US and around the world - have been enacted over the past few years that require organizations to conduct a variety of privacy risk assessments.  These assessments may require, or strongly encourage, a number of activities including formal privacy risk assessments, updating privacy notices, or engaging in data mapping activities. This trend shows no sign of slowing as more of these laws and regulations continue to be proposed and enacted. As a result, some organizations that are not subject to these laws and regulations are conducting privacy risk assessments to identify and mitigate privacy risk. Throughout all of these endeavors, a common group of lessons learned has emerged. This Lawline session will outline some of the types of risk assessments that may be required by law or regulation, more common privacy risks organizations identify, and considerations for mitigating those risks. Attendees can utilize this information to engage in discussions with technical and compliance colleagues and develop or mature their privacy program.  

Learning Objectives: 

1. Identify the types of privacy risk assessments required by laws and regulations

2. Discuss common privacy-centric activities that help organizations identify and mitigate privacy risks

3. Integrate these findings into the development or enhancement of a privacy program