Advice for Maintaining Data Privacy Compliance from Legal Experts | Event Recaps | All MKC Content | ANA
Log in Search

Advice for Maintaining Data Privacy Compliance from Legal Experts

Masters of Advertising Law Conference attendees: Scroll down for CLE materials

The 2023 ANA Masters of Advertising Law Conference convened a panel of legal experts who shared numerous recommendations for maintaining compliance with the proliferation of regulations on consumer data privacy being issued by states.

Words of Wisdom

"Privacy is the new brand safety."

"Don't start with your privacy policy. Start with knowing what you have."
     — Richy Glassberg, co-founder of and CEO at SafeGuard Privacy

Action Steps

  • Treat the handling of sensitive data as your clearest strategic risk.
  • Adopt an opt-in data privacy policy.
  • Ensure you have sound data governance.
  • Secure the resources necessary to proactively protect consumer data privacy. To do so, highlight for leadership the rate of change in privacy regulations across states and, by extension, the high and rising bar for compliance.
  • Make investments in automation and standardization to allow lean data ops teams to function efficiently. Doing so will include making investments in talent.
  • Establish the prioritization of privacy as part of your overarching culture, making relevant investments across teams.
  • Establish a tight partnership between legal and marketing, such that they are communicating in the early stages of initiatives.
  • Document your compliance and have a third party verify it. Doing so will carry weight with regulators should they come calling.
  • Get a privacy engineer on your team — a technologist dedicated to this issue who works closely with legal.
  • Also get a product privacy counsel.
  • Remember, "sensitive data" isn't just sensitive data; it also includes the inferences you draw based on that data, which are also covered by many states' privacy regulations. Conduct data-protection assessments on such inferences drawn from data.
  • Have vendors sign agreements to ensure they uphold your privacy standards.
  • Create sound data privacy KPIs and integrate them into job descriptions.
  • When deciding what health data to treat as sensitive, use Washington state's list of data types, as it casts the widest net on this issue.

CLE Materials

Source

"How to Move the Needle of Privacy Compliance Without Really Trying." Richy Glassberg, co-founder of and CEO at SafeGuard Privacy; Wayne Matus, co-founder of and general counsel at SafeGuard Privacy; Erica Irvin group VP, chief counsel — digital technology and innovation at Albertsons; Dona Fraser, SVP at BBB National Programs. 2023 ANA Masters of Advertising Law Conference, 11/17/23.

You must be logged in to submit a comment.