What MPC Privacy Quadrant does your organization belong to? In our previous article, we discussed in detail how your organization can find which Privacy Quadrant it fits in, based on the industry you operate in.
While you can’t control what Privacy Quadrant your organization fits in, you can definitely take control of the personal information in your business, whether it is employee or customer/consumer personal information.
Whether you have only a Canadian footprint or a global one, you need to align your privacy practices and capabilities with the expectations for the Privacy Quadrant your type of organization is in, based on the privacy factors we identified in our previous article. Your organization’s privacy program needs to correct the current way personal information is being handled and move inside the Privacy Safe Zone.
An appropriate privacy program needs to have activities to govern the program, activities to implement controls and monitor their effectiveness, and a capability to report on the progress of the program as well as new risks that may affect the business.
If your business is primarily based in Canada or it is trying to expand into other markets, it needs to pay attention to the laws and regulations in those markets and to the expectations of customers as well as regulators in those jurisdictions.
To help SMBs stay in the Privacy Safe Zone and future-proof their privacy program to optimize regulatory and compliance risk and the resources required, Managed Privacy Canada has researched over 20 privacy frameworks used by various organizations around the world, including risk-based frameworks and maturity models to guide businesses in each Privacy Quadrant. The most effective way to build a suitable privacy program and take control of the personal information in your business is to implement a harmonized approach to privacy compliance (not a program for each privacy law you need to comply with) and identify the appropriate controls and program maturity for your type of organization, matched to what your business requires.
In our next article we will review the privacy frameworks that help most SMBs become compliant with their privacy obligations. Our MPC Practical Privacy Playbook – P3 contains a number of privacy program components available in most of the frameworks listed in our MPC Privacy Framework Quadrant.