A Guide for In-House Counsels to Reduce Privacy Risks and Improve Customer Trust: A Framework to Establish an Effective Privacy Program

Shahab Ahmed, Director, Legal and Corporate Affairs, Microsoft

The global climate around privacy is quickly evolving and privacy is a priority for regulators across the world. Privacy risks, when materialized, can lead to significant regulatory and legal sanctions, as well as severe reputational damage. Regulatory actions against organizations on issues relating to privacy and security are increasing around the globe, especially in jurisdictions across the European Union (EU), and the United States of America (US). For example, a global internet search engine company was recently sanctioned heavily by the many Data Protection Authorities (DPAs) across EU member states on alleged privacy violations. One of the largest retailers in the US has suffered a massive data breach and recently its CEO had to resign, in part due to pressures over alleged mishandling of the data breach issues. In many jurisdictions, private actions are also on the rise alleging violation of privacy related laws. Privacy is not only an important issue in developed jurisdictions, many jurisdictions around the world are increasingly focused on privacy related issues. A global organization has to take into account compliance with numerous privacy laws across the world, including national, provincial or state level as well as sectorial regulations.