
What's in the Book?
This book is a primer for small to medium businesses with a global reach, and a desire to build a global privacy program that will grow with the organization.
The global privacy program framework delivered in this book will lay the foundation for an agile global privacy program that will flex with the changing privacy landscape, including its intersections with data protection and artificial intelligence.
It is designed as a reference manual, troubleshooting handbook and step-by-step project plan for those of you with no idea where to start to take a proactive approach (instead of a reactive approach) to privacy.
It’s the first book in an aspirational series of books. You will have access to the author via the AskDenise! website. Weekly posts and a growing library of FAQs, templates, and collaborative forums are in the works!
Come join the Inspire! Team to change how your organization complies with privacy today.
Why Write the Book?
The soft hum of fluorescent lights filled the conference room as I settled into my chair. I was preparing for another day of interviews. As the Deputy DPO for a major tech company, I had been given the monumental task of building the Office of the Data Protection Officer from scratch. With a budget that seemed almost surreal, and the responsibility of hiring 12 top-tier professionals, I felt both excited and slightly overwhelmed.
A knock at the door snapped me back to the present. “Come in,” I called out.
The candidate entered, her confident stride and warm smile immediately putting me at ease. We exchanged pleasantries, and I began the interview.
“So,” I started, leaning forward slightly, “can you walk me through how you would operationalize the principle of data minimization in a large-scale data analytics project?”
Her smile faltered slightly. “Well,” she began, her voice hesitant, “I would… ensure that we’re only collecting the necessary data for the project.”
I nodded encouragingly, waiting for her to elaborate. But as the silence stretched on, I realized she was finished. It was a pattern I’d seen all too often.
Even experienced privacy professionals have a hard time knowing how to operationalize the laws, regulations and principles they are required to comply with. After interviewing the best privacy professionals in the world 2-3 times a week over a six-month period, I realized I needed to somehow help others learn the art of operationalization by breaking it down into step-by-step instructions. This would provide a place to start, a framework to build on, and teach others how to propel the work forward on their own. This book is the result.
About the Author
Denise is currently the Privacy Architect for the State of Utah within the Office of Data Privacy.
She is also President of Farnsworth Law PC and the CEO and Founder of Inspire! Privacy and Security, LLC.
Her previous roles included:
- Head of Legal, Data Privacy and Compliance Officer for Microsoft Ireland where she provided support for Microsoft’s European Development Centre, the Irish Subsidiary, Data Centre, and Microsoft’s Operations Centre for Europe, Middle East and Africa.
- Senior Director and Privacy Officer, Lead Privacy Counsel for NetSuite.
- Chief Privacy Officer and Senior Global Corporate Counsel for Jazz Pharmaceuticals.
- Deputy Data Protection Officer for Facebook Ireland.

The Whole Story
One rainy afternoon, I found myself in a cozy coffee shop in Ireland, sipping a cup of mint tea while eating a heavenly scone. I was meeting with Aoife, a friend who ran a successful small tech startup. As a lawyer and privacy professional primarily focused on big tech, I was intrigued by the unique challenges faced by smaller organizations.
“Aoife, how do you even start to understand or find the time, budget, and resources to comply with privacy requirements? Even big tech organizations with significantly more budget, resources, and expertise are struggling to comply,” I asked, genuinely curious.
Aoife sighed, her shoulders slumping. “Honestly, Denise, we’re just hoping we’re small enough to fly under the radar. We assess our privacy risks as low because, let’s face it, we’re not Microsoft or Google.”
I nodded, understanding her perspective. “I get it, but that’s the perfect storm for disaster. The patchwork of laws and regulations is more complicated than ever. Individuals are becoming more educated and proactive about their data, and government agencies are conducting ‘sweeps’ to enforce compliance.”
Aoife looked worried. “So, what does that mean for us?”
“It means,” I explained, “that you can’t rely on being insignificant anymore. Even small to medium organizations like yours need to be vigilant. Regulatory scrutiny is increasing, and the risks are higher than ever. The assumption that being small equates to being safe is outdated. Luckily for you, my team has developed a high-level framework designed to lay a flexible foundation for your Global Privacy Program (GPP). I call it the Global Privacy Program Framework, or GPPF.”
Aoife took a deep breath, realizing the gravity of the situation. “Alright, Denise. Where do we start?”
“We start,” I said, leaning forward, “by understanding the way your organization works and aligning your privacy program accordingly. It’s more efficient, and your employees are more likely to embrace it. This will save you time, money, and resources while minimizing the impact on your day-to-day operations.”
As the conversation continued, Aoife’s initial apprehension turned into determination. She understood that navigating the world of privacy, data protection, and AI laws is no longer optional, but essential for her business’s survival and success. In that cozy coffee shop, over our warm beverages, we laid the groundwork for her organization’s global privacy program. The journey was just beginning, but with the right approach and mindset, Aoife was ready to tackle the challenges ahead.
…
Conversations like these inspired me to take a six-year journey into working with small to medium businesses to develop a framework they could rely on to become compliant and make privacy a differentiator, which could expand into other compliance activities such as data protection and artificial intelligence. We hope you continue on our journey with us!
What happens when you don't comply?
Serious fines for companies that don’t comply. Don’t lose your company to fines and regulators.
Take a look at the following articles.
The biggest data breach fines, penalties, and settlements so far
US Treasury Department workstations breached in attack attributed to China
Largest data privacy violation fines, penalties, settlements worldwide as of April 2024 (in million U.S. dollars)

Join Our Community!
We’d love to keep in touch. Join our group of privacy professionals and enthusiasts.