Case Study 2 : Data privacy compliance
One of the world’s largest publishing companies maintained hundreds of databases around the world, each of which had to be managed in compliance with data privacy laws of the local country and countries affected by the database contents. The publisher’s small team of data privacy lawyers faced the daunting prospect of interviewing and consulting with many database managers across many time zones on four continents.
When the lawyers asked the company’s IT department to create an online system to interview and advise the database managers, the IT department recognized that traditional programming tools were not well-suited for the subtleties of the legal rules involved, or the need for rapid updates, so they referred the job to Neota Logic.
Working with the publisher’s lead data privacy lawyer and reviewing the relevant legal materials, the Neota Logic consultants created the first version of the system in a matter of days. After a few weeks of refinement, the final system:
- Intelligently interviewed a manager of each of the hundreds of databases.
- Identified which privacy laws are applicable based on the database location and content.
- Determined whether the database presents a high risk of noncompliance.
- Generated a compliance report specifying each applicable requirement and providing related advice to the manager.
- Sent an email to the appropriate lawyer notifying him or her of the session and attaching a report for follow-up by the lawyer if needed.
- Input all facts gathered and conclusions drawn during the session into a database so reports could be generated on the use of system and publisher’s overall compliance with data privacy laws.
Data managers could do the legal interview at their convenience and get immediate, specific guidance.
Lawyers leveraged their small team to perform hundreds of detailed audits and assessments that they could not have done otherwise—better service to more people, and more time to focus on the hardest cases.
IT staff met the company’s needs without burdening scarce internal IT resources.
Senior management demonstrated compliance to data privacy regulators around the world.
Donald accepted the support of the labour inspector and he agreed to sign an enforceable undertaking. Peter received the money he was owed within an agreed timeframe and Donald began to work on a plan to rectify his record-keeping practices.