Article authored by Robert Merrick and Suzanne Ryan

As personal information has become a monetizable asset, risk, compliance and data experts have increasingly been forced to address the regulatory and operational ramifications of the rapid, mass availability of personal customer and employee data circulated both inside and outside of organizations.

Particularly in Canada and the United States, an unprecedented explosion of regulations has established new responsibilities for organizations to protect the personal information flowing through their operational ecosystems. Many are already actively looking inward at their governance, risk and compliance (GRC) management systems to address their personal information protection requirements. Despite the implementation of the European Union’s General Data Protection Regulation (GDPR) and high-profile data breaches serving as a reminder of what is at stake, many organizations still need to take various steps to enhance their privacy and data governance.

Continue reading here.