Tom Fox chats with Russ Berland about how his certification in privacy has facilitated him in his role as CCO.
Another Form Of Risk Management
A number of Russ’ clients needed to address privacy issues; however, the available resources were mostly European. He gained the Certified Information Privacy Professional certification so that he could meet the market need. Russ says that he looks at privacy as another form of risk management. We need to create a framework to comply with privacy laws, as well as investigate any potential violation.
Russ comments that privacy laws in the US are not as comprehensive as the EU’s GDPR. Privacy is generally seen as consumer protection in the US, while it is considered a human right in the EU.
Meeting State Standards
Tom comments that there is no national privacy law in the US at this point. He asks Russ how Aventiv thinks through crafting a privacy policy that might potentially have to satisfy 50 different state privacy laws. At present, Russ says, nine states have created privacy laws. Aventiv’s strategy is to meet the most stringent standards, and make that the national standard. Usually if you meet California’s standards, you can comply with the other states. Russ is pleased with Aventiv’s willingness to embrace compliance as a driver of their company culture.
Resources
IAPP.org
Author: admin
Welcome to the newest addition to the Compliance Podcast Network, Compliance and Coronavirus. As the Voice of Compliance, I wanted to start a podcast which will help to bring both clarity and sanity to the compliance practitioner and compliance profession during this worldwide health and healthcare crisis. In this episode, I am joined by Jeffrey Hayzlett, founder of the C-Suite Network and CEO of the Hero Club. He talks about five key strategies your company should employ during this time of the Coronavirus health crisis.
This podcast is sponsored by SAI Global. To learn how you can protect your business operations and workforce during these uncertain times, visit saiglobal.com/risk for free resources, expert guidance, and industry-leading technology.
In this special podcast series, I visit with lawyers from Azevedo Sette in Sao Paulo. The lawyers and topics include: Isabel Franco on a CarWash changed a culture, Lucas Bianchinni on environmental regulation in Brazil, Glaucia Ferreira on the Clean Companies Act, Luiz Salles on recent Brazilian corruption enforcement actions and Ingrid Santos & Guiliana Boniha on the hottest topic in Brazil: Me Too and sexual/moral harassment. In today’s episode, I visit with Luiz Salles and we discuss two key factors in compliance investigations in Brazil and the impacts of these factors on antitrust compliance.
- Why must a company take “Brazilian Factors” into account for an investigation?
- Why is an interdisciplinary approach needed for investigations in Brazil?
- As the world’s 5th largest country does an internal investigation need to take local culture into account? Why?
- What is the nexus between anti-corruption investigations and anti-trust violations in Brazil?
- Where can listeners go for more information?
This podcast is sponsored by the law firm of Azevdo Sette. To learn more about this firm, visit its website, for resources, expert guidance and support.
John Myers is the founder and CEO of Chorus Consulting. He has been an e-discovery and digital forensic professional for almost 30 years, assisting clients with data identification, preservation and analysis. He chats with Tom Fox about his company’s innovative approach to data forensics and information governance.
Innovation Begins Here
Tom is intrigued with Chorus Consulting’s tagline, “Innovation Begins Here.” He asks John to explain the significance of the tagline. John responds that it “represents our approach to our client projects and the way we approach our investigations… We’re really continuously working to find better ways to exceed our clients’ expectations, thus we’re innovating.”
Data Security and Information Governance
Most companies don’t truly know to what depth or breadth their data is secure, John posits. Chorus Consulting helps its clients understand the “what, why, and who” of their data, as well as their internal security measures. John says they help clients discover and correct potential security issues because it’s critical to know whether these internal measures are actually protecting them as well as their data. Tom comments that this data security risk assessment can prove to regulators that a company has assessed their data and has put a risk management strategy in place based upon that assessment.
John views information governance as an evolving discipline. “Information governance really provides the framework for clients to make good decisions about what information they’re keeping, how long they’re keeping it, and who and what should have access to it,” he says. He explains how his company helps his clients in this area. He also shares five practical steps to mitigate information risk.
Proactive Approach to Data Forensics
Tom asks, “You advocate utilizing forensic services in a proactive as opposed to a simply reactive basis. Can you talk us through how we would help a client do that?” John responds that they deploy real-time monitoring methodologies and technologies to ensure that corporate intellectual property or knowledge doesn’t leak out of the organization when an employee leaves. At the same time, they help their clients ensure that new employees do not bring data that they shouldn’t have into the organization.
Resources
John Myers on LinkedIn
ChorusConsulting.net
Continuous improvement can come in many different, shapes, sizes and packages. As with all things compliance, you are only limited by your imagination. Have you ever thought about a tech implementation as a way for continuous improvement? Probably not but it is also a way forward for continuous improvement. Think about that for a moment as this is taking the concept of continuous improvement and adding an ongoing tech solution. This is one of the areas both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) discussed in their jointly issued 2012 FCPA Guidance, as Hallmark 9 in the Ten Hallmarks of an Effective Compliance Program. This is not simply taking data from your compliance program and feeding it back in to create continuous improvement, but it is using a tech solution to not only make your compliance program run more efficiently but using that same tech solution to help continuously improve your compliance program.
Such an approach uses the subject matter expertise (SME) of the tech solution provider to help the compliance professional come up with a more effective compliance program. For the compliance professional it is expanding out their reach and scope through the use of not only this tech SME but with the information from their own compliance program to create greater efficiencies and effectiveness.
Three key takeaways:
- Even in continuous improvement, you are only limited by your imagination.
- The delivery of a tech solution for compliance can be beneficial in multiple ways.
- Start your analytics at the transaction level and move upwards.
In this special podcast series, I visit with lawyers from Azevedo Sette in Sao Paulo. The lawyers and topics include: Isabel Franco on a CarWash changed a culture, Lucas Bianchinni on environmental regulation in Brazil, Glaucia Ferreira on the Clean Companies Act, Luiz Salles on recent Brazilian corruption enforcement actions and Ingrid Santos & Guiliana Boniha on the hottest topic in Brazil: Me Too and sexual/moral harassment. In this first episode, I chat with Isabel Franco about how CarWash changed the entire perception and culture of compliance in Brazil.
- What was CarWash and how did it change perceptions about compliance in Brazil?
- Why was an investigation of corruption of Petrobras so critical to Brazil?
- Who were some of the key political figures brought down by Lava Jato?
- Why was this change so critical to the compliance profession in Brazil?
- What other corruption investigations did CarWash lead to?
- How did Lava Jato expand out to the entire continent?
- Having practiced in both the US and Brazil, how would you assess the current state of the compliance profession in Brazil?
- What is the legacy of Lava Jato?
This podcast is sponsored by the law firm of Azevdo Sette. To learn more about this firm, visit its website, for resources, expert guidance and support.
In the Episode, I visit with Susan Divers, Senior Executive at LRN. Susan is one of the leaders of the LNR team which annually produces the Program Effectiveness Report. The 2020 version has been released. We review its key findings and insights as well as the LRN Program Effectiveness Index. Finally, we conclude with a key theme of the Report and discuss why it is such an insight for the compliance professional.
Some of the highlights include:
- What is the 2020 Program Effectiveness Report?
- Why does LRN release this report annually?
- This year’s report has even more importance and urgency but we had ethical failures which caused loss of life over the past year as well?
- What were the overview of key insights?
- What are some of the key reasons ethical scandals occur?
- What is the Program Effectiveness Index (PEI) and what does it tell us this year?
- What are the 5 elements of an ethical culture?
- One of the key themes I took away from this year’s Report is the interconnectedness of compliance program elements.
Download and read the 2020 Program Effectiveness Report here. For more information on LRN, click here.LRN
In today’s edition of Sunday Book Review:
- Einstein on the Run -Andrew Robinson
- Einstein’s Wife–Allen Esterson, David Cassidy and Ruth Lewin
- Einstein’s War-Matthew Stanley
- No Shadow of a Doubt-Daniel Kennefick
