What To Do
Managing cross-border risks and getting a grip on privacy compliance requirements is a complicated undertaking that requires analyzing cross-border data flows, conducting privacy impact assessments, mapping privacy and cybercrime laws, and determining how assistance can be obtained in the event of a breach.
While Safe Harbor and EU-approved model contractual clauses provide two legal options for companies to use in tackling the global regulatory morass, enterprise security programs are the best way to link the various factors involved and manage risks associated with cross-border data flows.
In addition to being a requirement of U.S. laws such as GLBA and HIPAA, enterprise security programs have been a key component of all FTC consent decrees involving the safeguarding of PII. They require the dovetailing of an organization's managerial, technical and operational considerations, span the entire system development lifecycle, and involve key personnel across an organization in their development.
The governance process is one of the most important components of an enterprise security program. It requires:
- Developing an inventory of key digital assets and processes
- Identifying compliance requirements and liability risks
- Assessing reasonably foreseeable internal and external risks
- Categorizing networks, applications and information according to the risk of harm to the organization caused by a loss of confidentiality, integrity and availability.
This process helps identify needed controls and technological requirements and drives the development of policies and procedures. In addition, it provides critical input into the development of incident response, disaster recovery, business continuity and crisis communication plans--all components of enterprise security programs.
Finally, testing, monitoring, enforcing, auditing, reviewing and updating are all crucial to managing risk, especially in cross-border situations.
Looking ahead, there is certain to be public- and private-sector pressure for global harmonization of privacy laws. This process, however, could take years of multilateral negotiations. In the meantime, companies will have to remain vigilant and closely monitor their privacy compliance risks.