The Privacy Insider: The Four Pillars of a Privacy Program in Chapter 6

Written by Osano Staff | April 1, 2024

Once you understand the need for a privacy program, your next challenge is knowing where to start. 

In The Privacy Insider, Osano CEO Arlo Gilbert lays out the relevant information for you to operationalize your data privacy program in simple, clear language. Data privacy regulations are complicated enough; translating their requirements into tangible processes and practices shouldn’t be any harder than it has to be. 

Here’s an excerpt from Chapter 6 of The Privacy Insider, where Arlo provides an overview of the four pillars of a robust data privacy program. 

A big part of our work creating privacy tools at Osano involves consulting with privacy experts, staying on top of current and upcoming regulations, and developing tools for companies worldwide to help them create their privacy programs. Although the companies we work with span a huge range of business types, models, industries, and geographic locations, we’ve found that the strongest data-privacy programs share similar elements. We’ve developed a framework that captures those elements and adapts to organizations’ needs so they can create an agile program that will grow with them. It also takes the guesswork out of what to do, which is one of the biggest hurdles to building a data-privacy program.  

The framework is made up of four simple pillars. We’ll unpack each one in the chapters ahead so you can use them as a guide to create a new program or further develop one you may already have. Those pillars are: 

Governance & Accountability (Chapter 7): A privacy program needs a team of advocates behind it and structured governance to guide the policies, procedures, and processes that the team will adopt. Creating them is the first step to building a program, and those charters keep evolving just as the company and regulations do.  

Compliance, Audit & Review (Chapter 8): Organizations with strong privacy programs constantly review their activities and operations to make sure they’re handling data as effectively as possible. This includes analyzing how they collect and store data, how they share data across departments and outside the organization, what their recordkeeping practices are, and whether they process data that is subject to specific permission or handling protocols. It’s an ongoing effort, and companies should regularly look for opportunities to hone their practices along the way.  

Notice, Consent & Choice (Chapter 9): Great privacy programs prioritize clear, direct communication with data subjects. They have systems in place that make it simple for data subjects to exercise their privacy rights; user-friendly consent banners; easy-to-find and easy-to-understand privacy policies; and a well-managed website that can house and support each of those features.  

Risk, Response & Resilience (Chapter 10): There is always some level of risk involved when handling personal data, and those risks increase when a company shares personal data with third parties such as vendors. A strong program will have systems in place for assessing the risk associated with any of its operations. This includes vendor risk management, the risk of a data breach, and the risk of noncompliance within its internal data processes. Organizations should also have formal procedures in place for responding to subject rights requests (SRRs) and other potential data-related incidents.

In the rest of The Privacy Insider, Arlo dives into each of these four pillars in depth. By following this model, you can develop a fairly comprehensive data privacy program at your organization without exhaustive research and uncertainty.  

Preorder your copy of The Privacy Insider now to ensure you get access as soon as the book is published on April 3rd.