Articles

Alan Friel Lists "10 Steps to Build a Privacy and Security Program" in Corporate Compliance Insights

Articles / September 24, 2013

Partner Alan Friel authored an article for the Sept. 24, 2013, issue of Corporate Compliance Insights headlined “Data Hygiene Part of Corporate Compliance – 10 Steps to Build a Privacy and Security Program.” In it he outlines the general process of developing a good data privacy and security compliance program and lists these 10 steps businesses should take:

  • Identify the information assets and practices.
  • Conduct an assessment.
  • Identify responsive measures.
  • Establish responsibility.
  • Implement the measures and monitor the operation and effectiveness of the program.
  • Consider insurance.
  • Regularly reassess the program.
  • Address education and training.
  • Address the data in the hands of third parties.
  • Prepare for the event of a security breach.

Read the full article (subscription required).

 

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Powerful Protection: The Healthcare Privacy and Compliance Team
February 13, 2020
The following story is one in a six-part series devoted to the pioneering teams that comprise the firm’s new Digital Asset and Data Management Practice Group. A prime example of BakerHostetler’s preeminence in the legal industry is on...
Read More ->
Data Privacy Monitor
The Privacy Governance and Technology Transactions Team
By Janine Anthony Bowen, Melinda L. McLellan
February 7, 2020
The following story is one in a six-part series devoted to the pioneering teams that comprise the firm’s new Digital Assets and Data Management Practice Group. A prime example of BakerHostetler’s preeminence in the legal industry is on...
Read More ->
Data Privacy Monitor
Version of Proposed CCPA Regulations Available
By Alan L. Friel
February 7, 2020
On February 7, 2020 the California Attorney General published a second version of the proposed regulations to implement the California Consumer Protection Act available here. A redline against the first draft is available here. A new...
Read More ->
Data Privacy Monitor
Steps to Develop a Mature Third-Party Risk Management Program With High-Risk Third Parties (Part 3)
February 6, 2020
Part 1 Part 2 This blog is the third in a series exploring how organizations can prevent or mitigate the severity of a third-party data breach or cyber exploit by implementing a variety of cybersecurity risk management controls, such as...
Read More ->
Data Privacy Monitor
Departments of Education and HHS Release Joint Guidance on the Relationship Between FERPA and HIPAA
By Kathryn Carey, Benjamin P. Wells
January 31, 2020
At the end of 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and U.S. Department of Education Student Privacy Policy Office (ED) issued an update to their joint guidance on the relationship...
Read More ->