As General Data Protection Regulation (GDPR) completes one year and other global and national trends in data privacy regulations such as CCPA and NYSDFS are rolling out, a discussion with leading insurers is imperative.
How are they charting the course with regulators, employees, consumers, subjects, and third parties, in an increasingly risky and complex privacy regime will be examined.
What is in the webinar
- A look back of the first year of GDPR and what has changed within your company, in response to the new regulation
- A discussion of new and evolving data privacy laws that are in place or in the works, and how companies are viewing in light of last year’s and ongoing GDPR efforts
- A review of data privacy-related expenditures: what did you think you would spend on, what did you actually spend on, and what do you wish you had spent more or less on?
Judith Titera, AVP & Chief Privacy Officer, Enterprise Security Group, USAA
James Sherer, Partner at BakerHostetler
Sanjay Manocha, Senior Director, Digital Risk and Compliance Conduent Legal and Compliance Solutions
First, a clear consensus formed around treating every customer in accordance to the highest standards of data privacy laws, regardless of jurisdiction. It did not seem to make sense to spend time assessing applicability of laws, but rather to extend a common set of data protections to all customers.
Second, CCPA makes the risk truly multi-dimensional. Beyond data risk, we can now clearly add regulatory risk and reputation risk. While the former is fairly straight forward, the latter could come from how data requests are addressed via customer inquiries. Further, given that many companies integrate third party data sources into their own customer profiles, the nature and extent of the actual data on any customer could be an unpleasant surprise to the customer.
Third, third party risk is an ongoing concern. This concern seemed to take two main forms. One concern was around managing the contracting relationship to incorporate the appropriate language into existing contracts and the second was how to ensure that third parties are actually abiding by the new agreements.
Finally, there were questions as to where to find companies to provide data privacy services.
Conduent can help. We provide Third Party Risk Management services, data mapping and analysis of structured and unstructured data and provide specialized end user engagement services around data privacy.