Follow ACC Docket Online:  

This Week in Privacy: 5 Tips to Improve Your Policies for the New Year

"This Week in Privacy” is a new column for in-house counsel who need advice in the privacy and cybersecurity sectors. K Royal is a director at TrustArc. To have your legal privacy questions answered, email [email protected] with “This Week in Privacy" in the subject line.

Q: The end of the calendar year is here. What should I do to prepare my company’s privacy policies for next year?

A: Although most companies have a fiscal year versus a calendar year, the end of the calendar year is a great time to evaluate current practices and develop plans for the next year. Here are my top five items:

1. Look back on the past year. Were there any issues that arose where you or the company were less than prepared to manage? If so, develop a plan to address that issue — and related issues — for the future. Develop a roadmap for the next year. Be specific in your plans, with measurable goals. Have an action plan that you can accomplish certain tasks if not the whole project at once.

2. Either review all of your policies or schedule them to be reviewed at specific times.

3. Review and update your vendor classification process for those handling sensitive, personal, or corporate sensitive information. Are the right contract provisions in place? Do the associated departments know what to do to address these vendors? If you don’t have a vendor classification process, develop one.

4. Review and update your training materials, schedule, and requirements.

5. Make a list of your accomplishments from this year. Did you have projects that you initiated, made progress on, or completed? What challenges arose over the year that you met head-on? Recognize the hard work that you have done and end the year on a high note. So often, we sit too close to the ballet and lose that sense of magic, because we see the make-up, ripped hose, and dirty props. Take a huge step back and appreciate what you have accomplished.

The information in any resource collected in this virtual library should not be construed as legal advice or legal opinion on specific facts and should not be considered representative of the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical advice and references for the busy in-house practitioner and other readers.