Keeping User Data Privacy in Check
Companies that collect user data, either directly or through third parties, need to pay close attention to how they handle it. Large fines are being assessed against companies that have improperly collected user data from European citizens. US citizens are becoming more sensitive to where their data is going and who is profiting from it, which has resulted in negative publicity and congressional hearings for several companies. Many states in the U.S. have adopted their own standards and requirements, with fines for non-compliance.
One solution that companies are adopting is to establish an independent, objective privacy rights auditing mechanism in order to stay ahead of the regulations and to make sure they have the appropriate policies, procedures, IT protocols, training and contract language in place with their users, customers and vendors. An internal auditing, investigations and compliance function may already exist and is probably doing a great job. Bringing in an outside, independent firm enhances the legitimacy of internal gap findings and recommendations, makes it clear that data privacy is a high priority and establishes high levels of trust among shareholders and the community, all of which increase shareholder value.
Here is an example of the role and tasks performed by Intuitive Edge, an outside firm providing privacy rights audits and assessments:
- Act as an audit organization, independent of senior management, that conducts internal investigations as an "inspector general" duty to the board and recommends voluntary disclosures to the SEC.
- Issue confidential findings, observations, recommendations, non-compliance risks, shareholder risks.
- Immediately mitigate at-risk areas arising from the unauthorized or improper use of private data of users, customers, clients, employees and agents.
- Conduct regular reviews of compliance with GDPR and US data protection regulations against contracted sales for the dissemination of user data, deletion of data, verifications and all other specific requirements.
- Conduct regular reviews and assessments of confidential and private information with a matrix of contractual language, usage terms and consents that meets regulatory compliance requirements.
- Conduct regular reviews of ISO 31000:2018 compliance on managing risks, and determine how the ISO 31000:2018 guidelines apply if they are in use or recommended.
- If applicable, assess algorithm development compliance with GDPR and customer contracts for sale of authorized user data.
- Provide recommended contract amendments or modifications to existing and future accounts to ensure compliance with contractual obligations and regulatory laws on an ongoing basis.
- Provide or adjust the framework for the training program and for record keeping of employee knowledge and understanding of adopted privacy rules and internal policies.
Intuitive Edge, Contracts Simplified, Certified Woman Owned