Home > Knowledge > Blog

A US Federal Privacy Law Will Be No Magic Bullet

Jul 10, 2021

Who in their wildest dreams would imagine a corporate general counsel (GC) clamoring for more regulation? Despite the prospect of additional statutory hoops to jump through, this is the sentiment heard at a recent in-person roundtable I attended and was the number one topic of conversation among a group of senior GCs, who expressed their desire for federal privacy legislation to replace the mash-up of different state privacy compliance laws. For years, GCs have skirted the issue with ever-increasing levels of budget and manpower, but they are eager to see this burden alleviated by an overarching federal law that delivers consistency, predictability, and clarity.

These hopes are showing some signs of becoming reality. Following the 2020 US election and a string of pandemic-induced delays, proposals for federal privacy legislation are moving ahead. In particular, a bill sponsored by US Rep. Suzan DelBene (D-WA) is supported by multiple stakeholders ranging from tech giants to corporate GCs, whose privacy holy grail would be a single, comprehensive federal law that would reduce the growing burden of privacy compliance. These views are representative of nationwide concerns about the difficulty of privacy compliance under the current fractured, state-by-state system.

Almost without exception, corporations want and need to be compliant—particularly if they are publicly listed. Yet privacy compliance is becoming more and more difficult to navigate, as the landscape has become so confusing: California, New Mexico, Maine, and Virginia, for example, already have significant consumer privacy laws; New York, Massachusetts, Maryland, and Hawaii have new laws in the works. Some 25 additional states[1] are at various stages of the legislative process, with some holding out altogether and playing the waiting game. It’s no wonder this patchwork approach is a challenge for any organization with a nationwide footprint to navigate. This complexity has a significant impact on the administrative and financial overhead of compliance professionals, as well as their organizations’ potential exposure.

Demand for concrete and consistent federal privacy guidelines is real and growing, and our multijurisdictional approach to privacy is certainly a key driver. However, there is another driver for change that receives less attention but is equally important: data.

Read the full piece here; https://bit.ly/3qAiRDU

Copyright [2021] CEP Magazine, a publication of the Society of Corporate Compliance and Ethics (SCCE).

Explore More
Close Modal

Our Framework

Understand.

During this phase, we work to step away from any assumptions and guesses about what our customers needs, and let our research findings inform our decision-making. We learn more about our customers, their problems, wants, and needs, and the environment or context in which they will use the solution we offer.

Our Framework

Define.

During the Define phase, we analyze our research findings from the Understand phase and determine what is the most important problem to solve — and why. This step defines the goal. Then we can give a clear problem statement, describing what our customers’ needs are that we are trying to solve, making sure that we heard and defined their problem correctly.

Our Framework

Solve.

This phase is an important part of the discipline in our process. People often settle for the first solution, but the most obvious solution is often not the right one. During the Solve phase, we brainstorm collaboratively with multiple stakeholders to generate many unique solutions. We then analyze our potential solutions and make choices about which are the best to pursue based on learnings in the Understand phase.

Our Framework

Build & Test.

This phase is critical in developing the right solution to our customers’ problem. An organized approach to testing can help avoid rework and create exceptional outcomes. Starting small and testing the solution, we iterate quickly, before deploying solutions across the entire project.

Our Framework

Act.

During this phase, the hard work of prior phases comes to life in our customers’ best solution. The research, collaboration, and testing performed prior to project kick-off ensure optimal results.

Our Framework

Feedback.

At the project completion, we convene all stakeholders to discuss what went well, what could have been better, and how we might improve going forward. We call these meetings “Retrospectives,” and we perform them internally as a project team, and with our external customers. The Retrospective is one of the most powerful, meaningful tools in our framework.

Next