Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1542659
50 TRACY BORDIGNON is a Senior Director in the information governance, privacy, and security practice at FTI Technology. She brings more than a decade of experience in information governance and privacy and helps organizations manage legal risk. Bordignon holds a law degree from Southwestern Law School and is licensed to practice law in Florida. reduce friction, the privacy assessment intake process should be standardized and kept as simple as possible. There should be a consistent form that all business functions can use in a single platform that is accessible to all relevant teams. Then, from that standard baseline, additional layers can be added for technology development projects or new tool implementations that may require additional evaluation beyond the standard assessment criteria. AI is a prime example, as AI features and capabilities carry unique data implications that can directly impact privacy and trust. Web projects that may include adtech components represent another unique category. Standard forms can include additional sections for AI-specific projects, adtech questions for web development initiatives, or other questions for higher- risk use cases, to proactively ensure extra rigor in review where needed. • Commit to a collaborative tone. While privacy officers and technology innovation teams have different roles and challenges, they can lean into a shared objective: responsible, impactful business growth and development. These teams should work to bridge gaps between their functions so that privacy stakeholders have a clear understanding of the business unit's vision, and the business unit can understand the data risks that may arise when launching new technology. • Create a resource hub. A single destination where business units can find the privacy information they need will help to break down roadblocks that delay development schedules. Data privacy fundamentals and controls can be explained in readily available documentation, and team members can refer to frequently asked questions documents to understand what to expect throughout the privacy impact assessment process. • Train and educate. Organizations benefit when they invest in privacy and process training across business units. Educating stakeholders about the reasoning behind privacy controls and reviews will help to secure buy-in and nurture a culture of compliance. Given business priorities surrounding AI, innovation is outpacing governance within most organizations. This presents an array of risks, particularly for consumer-facing organizations that must uphold reliability, quality, and trust to maintain a strong competitive advantage. Fortunately, data privacy and AI governance can be implemented without hindering advancement. By integrating privacy by design across business units and making privacy more accessible and approachable to development teams, organizations can drive growth, reinforce trust, and mitigate risk.