This year’s RSA Conference is kicking off soon, and I will be there for the first time! Why? Because new rules for the protection of the personal data of employees have arrived in the US, and we need to talk about it. If you are attending the conference, come join me for my session, How to Design and Execute Superior Employee Privacy Practices, on Monday, April 24, at 10:50 a.m. PDT.
Meeting these new employee privacy requirements can be a challenge for many organizations. And let’s be clear: The struggle isn’t limited to an understanding of, and compliance with, the rules. Employee data is often unstructured, and firms store and process it in specific repositories and systems that differ significantly from those in which they manage consumer data. And as companies figure out how to comply with the rules, they must also consider how to communicate with their employees about this new privacy mandate while ensuring that employee engagement and employees’ willingness to share their data with their employers remain high.
Many organizations approaching this topic for the first time might also believe that this is a purely “legal matter,” where checklists and paperwork will be enough to mitigate the regulatory risk that the new rules create. This is a very short-sighted view. In fact, extensive research on privacy programs and practices demonstrates that privacy management is evolving to become a more technical matter, with legal requirements needing to be translated into security controls and governance processes that impact data and dataflow inside and outside of every company. The involvement of security and IT professionals in designing, executing, and measuring privacy practices will be vital to enabling their organizations to meet the new requirements and achieve sustained compliance.
This session will build on the lessons learned from countries in the European Union, such as the UK, where privacy regulators are prioritizing the enforcement of privacy rules in the workplace. I’ll share the best practices that firms in the EU have developed, and I’ll use Forrester’s brand-new employee privacy segmentation that we have created — based on data from more than 8,500 employees across multiple countries — to help the audience understand the actions that they need to take to meet regulators’ and employees’ privacy expectations.
If you want to learn more about this topic, please join me at the conference. I look forward to seeing you there!
PS — If you are not attending the RSA Conference but are interested in learning more about the new employee privacy requirements, discussing some best practices, and having a look at Forrester’s employee privacy segmentation, please schedule an inquiry with me.