As chief operating officer at his company, Privacy Ref, Bob Siegel sees organizations he counsels struggle through a common problem: The privacy office drives responsibility for privacy and data protection, but there’s a disconnect between that assignment and the business offices responsible for seeing that through.
Siegel had long been a fan of Nymity’s privacy software solution, Nymity Attestor, which serves as a tool for privacy offices to demonstrate accountability and compliance. And so, seeing the need for increased accountability throughout organizations, Siegel and Nymity have paired up to offer what they’re calling Accountability Implementation Services, being unveiled this week at the Global Privacy Summit in Washington.
The idea is that Privacy Ref, currently a company of five but in the midst of hiring to address the growing need Siegel sees, is hired by an organization to look at its privacy policies and procedures. Then, Siegel or a member of his team determines which areas are the strongest and which need improvement. And that’s where Nymity’s Attestor solution is brought in. The privacy office is then able to gather quantitative metrics using what’s called a “data privacy accountability scorecard.”
Finally, Siegel’s team uses the information to prioritize a risk area of an organization’s privacy program, based on the potential costs resulting from those areas, and the work is then commenced to strengthen those risk areas and close existing gaps.
Siegel said the partnership made sense both for his consulting business and for the organizations he serves. It allows for evidence-based, long-term maintenance and it offers tangible ways for organizations to improve upon the status quo.
“I go through an exercise with the privacy office to see, ‘Who do you expect to do these things?’’” Siegel said. “And there’s often a disconnect between the privacy office and the business alignment. So the next step was to see how you hold people accountable.”
While the privacy office might dictate to various business areas what should happen or what needs to be done, there’s not necessarily going to be a privacy specialist in that business area. Meaning there may not be much follow up.
“Certainly privacy policies and procedures sustain themselves, but what this Nymity framework does is allow you to have more specificity and to have that discussion with the business area about what needs to be done, as opposed to just assuming they know,” Siegel said.
Terry McQuay is president and founder of Nymity and said partnering with Privacy Ref will help organizations “properly build and maintain the necessary policies and procedures that will enrich the user experience when working with Nymity Attestor to demonstrate effective accountability and compliance over time.”
The Accountability Implementation Services comprises 20 days of consulting from a member of the Privacy Ref team and training on site to use Nymity’s tool.
Siegel and his team will be in the Exhibit Hall at booth number 13 and encourage anyone interested to stop by and learn more.
If you want to comment on this post, you need to login.