BizTech Law Blog

This post, Part Two, briefly reviews how a data privacy assessment can help businesses proactively address potential compliance issues as these legislative options are addressed to minimize the risk of legal noncompliance.

Although the future of data privacy legislation is unclear, the only thing certain is change. In addition to actively monitoring legislative proposals, businesses hoping to shore up their data privacy and security posture should conduct a data privacy and security assessment with the help of a professional who understands current data privacy and security laws and how those laws are changing.

As part of the assessment, well-positioned businesses will at minimum complete a data inventory detailing the information that the business collects and holds, how the data is transferred, and who has access to it. Based on that inventory, the business can take steps to address both internal and external risks with internal policies and plans like an incident response plan, addressing third party vendor risks through contract or otherwise, IT solutions, and reassessing its cyber liability insurance.

Companies familiar with GDPR (General Data Protection Regulation) compliance might have already considered these steps, but many US companies that have not worked toward GDPR compliance would benefit from them too. Although these policies and procedures will require updating as laws change, they can and should be drafted to be adaptable.

Please contact a Foster Swift business attorney if you are interested in preparing for future legislation, assessing your company’s data privacy and security situation, or minimizing the risks associated with data breaches and noncompliance.