Nymity Privacy Compliance
Authored by: Terry McQuay, President and Founder, Nymity Inc
Are you at risk?
Is your organization adequately responding
to the increasing privacy risk?
live in an increasingly
interconnected world where
personal data collection
and use is escalating at an
exponential pace and personal data
are more complex and unclear increasing
risk is inextricably linked with this trend.
Governments are responding to this new
reality by creating and expanding rules and
regulations that address industries
(e.g. telecom rules in EU);
technologies (e.g. cookie rule in EU);
uses (e.g. social media laws in USA); and
concerns/risks (e.g. data breach
rules in USA). Regulatory
authorities are also casting the net wider by
broadening existing obligations or creating
new ones (e.g. to be and
data portability in new EU Regulation).
Governments are expanding powers of the
data protection authorities and regulators
(e.g. power of UK regulator to levy monetary
penalties) and regulators are increasing the
use of technology and enhanced international
co-operation to enforce data protection laws
(e.g. Google Streetview orders in many
As technology and regulations rapidly
change, how can organizations mitigate
the regulatory risk? How can organizations
deal with more data privacy laws, more
contractual obligations, more data protection
authority powers and more enforcement
actions? These are pressing questions that
all organizations face every day now is
the time to act!
We believe a strategic approach to
effective privacy management and standing
ready to demonstrate accountability mitigates
the privacy compliance risk.
At Nymity, we know a challenge like this
is too great for any one organization and that
the strength in addressing this challenge is a
holistic, multi-disciplinary approach to risk
and benchmarking across organizations,
globally. We understand that organizations
want to be accountable and seek a framework
to demonstrate this accountability. We also
realize that privacy compliance and risk
68 G20 Business 2014
mitigation need to be an ongoing
process, embedded into the operations of
the organization, with metrics. At Nymity,
we measure privacy regulatory risk based on
the following premise: laws and regulations
created by governments are designed to
protect the interest of citizens and
therefore societal values.
How are organizations responding to
the challenge of mitigating privacy risk?
Nymity works closely with its customers,
research partners and regulators around
the world to innovate compliance software
technology and methodologies that will
provide answers to these global risk
challenges. In doing so, we strive to help
our customers comply with
and make compliance a tangible
to their organization.
Organizations including governments
around the world are seeking the most
effective means to demonstrate compliance/
accountability and mitigate risk.
Organizations are increasingly searching for
benchmarking metrics to ensure that their
organization is doing the right things to
mitigate the risk. Many want to ensure that
their privacy program is best in class while
others want to be on par with industry norms.
Nymity has responded to this challenge by
developing privacy management software that
enables organizations to manage and measure
their privacy program effectiveness, making
it a tangible to the organization.
Based on privacy management processes and
activities, our software enables the privacy
to easily measure privacy management,
understand privacy regulatory risk, monitor
their privacy program and demonstrate
accountability and compliance
Based on our research, responsible
organizations can incorporate privacy
risk management within their governance
structure and mitigate risk simply by
implementing a privacy program and
approaching privacy compliance strategically.
By appointing a privacy the
foundation for accountability-based privacy
risk management is established. This
individual establishes a foundational
privacy program based on processes and
activities common to all jurisdictions,
then addresses outliers.
In the privacy and data protection regimes
around the world, implementing a privacy
program with evidence is equal to