Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1472128
18 P E E R T O P E E R : I L T A ' S Q U A R T E R L Y M A G A Z I N E | S U M M E R 2 0 2 2 the every-growing requirements that are going to keep cropping up every year as more and more U.S. states take on the trend. In reality, to tailor requirements specific to every piece of state legislation a company is subject to becomes a compliance burden that will only drive-up companies' costs and potential liabilities. Preparing Clients and the Market Understanding privacy requirements and protecting your firm or corporation is an organization-wide business responsibility; it is not an IT decision. Once top leadership understands the ramifications … determine strategy, engage with clients and those whose information you're entrusted with. For example, our legal team works proactively with Compliance, Governance, Engineering, and Product to provide customers with a comprehensive "due diligence" information package. Customers receive a summary of the technical and operational measures in place to protect the security, privacy, and integrity of their documents. This creates transparency and clear guidelines that can become a part of the firm's privacy and security strategy. Navigating Privacy Laws: Tips for Legal IT Pros It's essential that Legal ensures information security doesn't just live on paper. Instead, everyone needs to understand the measures businesses implement to protect data. This is becoming more crucial as the world becomes even more digitized. Here is some advice law firm CIOs might consider: 1. GCs and CISOs should collaborate to create a privacy framework that allows them to keep on top of these challenges, iterating as the business continues to scale. Creating a robust privacy policy shouldn't be viewed as a concern just for legal – GCs must encourage buy-in and participation from the wider business. 2. CIOs, know your client as well as you know your technology. Without a deeper commitment to understanding clients, IT and the CIO will continue to be the executors of strategy, not its shapers. As most management consultants will tell you, the further away IT is from the customer, the less it can understand what customers value and what technology's role should be in delivering that value. This is most definitely the case with privacy and security. Make sure you have a seat at the decision- making table! 3. Train, train, train about security competency across your firm. We advise proactivity when it comes to security awareness training and the understanding of privacy legislation and shifts, especially when embracing SaaS technologies. For this reason, CIOs need to make tech literacy a priority across the firm and enterprise. 4. Embrace security and privacy, but don't force feed it. In many firms, the security and compliance functions are treated as necessary evils. By recognizing that security is primarily a cultural and managerial issue rather than a technical one, you can embrace security and enable of growth. 5. Vendor accountability makes sure your technology partners are an integral part of your privacy and security team and playbook. Your vendor business partners, especially cloud technology companies, should be best positioned to walk you through the F E A T U R E S