Data Privacy Champions
We all have people in our organization who are good data stewards and who want to learn more about security and privacy within the organization. What does that mean?
They are concerned with security.
They minimize the personal data that needs to be processed.
If personal data is being emailed, they double-check who they are sending it to and minimize the number of people who receive it.
If an email contains personal data, they password-protect it or use a more secure method of transmission.
They de-identify, as much as possible, any personal data they manage.
The people who already know how to do these things, or even a few of these things, would make great Data Privacy Champions (DPCs).
What does a DPC do? They help the organization navigate privacy concerns by engaging with their fellow employees and understanding how to make privacy and security relevant for them. They participate in meetings and create ways to communicate data privacy information to other employees. If you are a global organization, there should be a person designated as DPC at each Local Office. Here are some more suggestions:
They should become more knowledgeable about Privacy and Data Protection regulations. Privacy regulations are very regional, so they can be the boots-on-the-ground people.
They should champion good personal data protection practices and act as a guardian of them.
They can contribute to the Local Office processing decisions for personal data and assist with Privacy and Data Protection documentation.
They can alert Management to any possible issues or breaches.
The people in the role of DPC need to be at a sufficient level to speak with authority on the subject to all levels of the organization. They also need to be supported and professionally developed by Management in their service as a DPC.