Recent headlines show that privacy, just like its sibling, security, is not going away anytime soon. The Colonial Pipeline ransomware incident demonstrated to all of us that security incidents can have real-life consequences, not only for the businesses tied up in responding to them, but also for their consumers (in this case, severe gas shortages for several days). Attention is now turning to the dramatic changes occurring in the privacy legal landscape: Virginia and Colorado both have new privacy laws, and the EU has recently announced the long-awaited new Standard Contractual Clauses.
For many companies, their size, risk level, and budgets don't allow for full-time dedicated teams of security and privacy professionals managing their data. In the world of security, the concept of a virtual or fractional CISO has already become firmly established. A fractional CISO is essentially an outsourced service that can provide portions of your security program requirements on demand, usually at a lower cost to your company. The concept of outsourcing the operational aspects of a privacy program is a bit newer, however. Many companies already seek outside help with privacy when they require guidance on new cutting-edge uses of data or in response to an investigation or lawsuit. More recently, companies are learning that they can achieve efficiency and savings, as well as maintain compliance, by also outsourcing the management of their day-to-day privacy operations. Law 360 recently published information about this trend. You can learn more about it here.