ADVANCED ON PURPOSEAn educational blog with purposeful content. We welcome open and polite dialogue, and expect any comments you leave to be respectful. Thanks! Archives
May 2023
Categories
All
|
Back to Blog
A Review of GDPR and CCPA12/9/2019 5 MIN READ This article is the 2nd in a series. Read the introduction article: "Why Data Privacy Matters." So you know what your data looks like. You know what it is used for. You have a sense of who touches it and who uses it. Now what? Now, you educate yourself on data privacy. If you have data, you need to protect it. I had the opportunity to speak to this on a webinar hosted by FormAssembly on August 21, 2019. I joined Maggie Tharp at FormAssembly to talk about the data privacy landscape in 2019, and evolving regulations and best practices. Check out the Webinar Recap: California Privacy and How It Affects You. On the webinar, Maggie and I discussed The General Data Protection Regulation (GDPR) as well as the California Consumer Privacy Act (CCPA) which will go into effect on January 1, 2020. As FormAssembly’s guest presenter, I spoke to the implications for nonprofit and educational organizations who may not have people or processes in place to specifically track data privacy and how it impacts organizations. In my Webinar Recap, I share some key insights that I shared on the webinar. As a follow up to their Data Privacy Deep Dive Webinar Series, FormAssembly recently published their white paper, State of Data Privacy in 2019. In this guide, they talk about the data privacy landscape in the United States, the new data privacy laws in other U.S. states, where businesses stand, and tips on better data stewardship. A realistic next step to prepare for CCPA is to have a discussion with the relevant leaders of your organization and determine your level of preparedness. Review FormAssembly’s white paper, State of Data Privacy in 2019 and give your organization a rating of Very Prepared, Prepared, Somewhat Prepared, or Not Prepared. Depending on what your team decides, make a plan to move your team to Prepared or Very Prepared. I’d like to share some highlights from the guide, and weave in some of my own best practices. These tips come from working with small to large, local to virtual organizations across California in developing and implementing data privacy business processes and protocols.
Read my next article “How You Can Protect Your Data” (under construction) for more tips and tricks to manage and protect your data. Want support developing a data governance strategy? Data governance helps organizations manage their stakeholder data and protect it from being abused, stolen, or lost. AdvancED can help you design an effective data governance strategy that will describe the steps to analyze, secure, store, and manage your organization’s stakeholder data. Schedule your free 20-min consultation now. Related articles
About Author: Meredith "Mer" Curry Mer has always had a passion for education and helping historically underrepresented groups achieve access and success to higher opportunities. She has consulted nonprofits, educational institutions, and businesses in addition to her volunteerism and mentorship of students.
Learn more about Mer at www.meredithcurry.com.
0 Comments
Read More
Back to Blog
Why Data Privacy Matters12/5/2019 4 MIN READ This article is the 1st in a series on "Why Data Privacy Matters." I learned the importance of data starting in high school working at a local CPA firm in downtown San José during my summers. Making my way through rows of filing cabinets, building up a tolerance to papercuts, and sneezing my way through dusty file folders, I took numbers off pieces of paper and turned them into financial statements. Sometimes it was straightforward data entry. Other times I double-checked the math after translating illegible debits and credits into typed balance sheets and income statements. Today I am so adept at ten-key I can type rows of numbers without looking at the keypad. I am also so grateful now for Excel formulas, pivot tables, and tools like Salesforce and FormAssembly that can bring clarity, transparency, and automation to once complex and highly manual (and thus, fraught with human error) processes. In my over 10 years of being a certified Salesforce Administrator and over 20 years of championing Excel, I am a firm believer that the more data you can have at your fingertips, the more questions you can develop to find intelligent answers to. But in my years of working with corporations, startups, and nonprofits, I’ve seen varying levels of success making use of the data that is available. Often, the challenge isn’t just what to do with the data you do have, but how to get the data you really need for the scale and impact you want. This might mean taking a step back and asking yourself, “What data do I have now, what am I using it for, and how has that been helpful?” It might then lead you to ask more questions like, “What data should I continue to track, what questions will they answer, and how will that be helpful in the long-term?”
If as a professional, manager, or executive, you are not asking yourself these questions at regular intervals (I recommend quarterly if not annually), then I highly recommend that you start now. Once you go through this fact-finding mission of understanding what data you have and what it is used for, the next important question is, “How am I protecting it?” I’d like to give you the use-cases, best practices, and tools to develop an intentional action plan around data privacy to ensure you are protecting the data you have and the data you intend to collect. Read my next article “A Review of GDPR and CCPA” to learn about the most important regulations and legislations that inform the policies and practices you may need to develop around data privacy. Want support developing a data dictionary? A data dictionary is a document (Word, Excel, whatever suits your fancy) that describes the types of data collected, the sources, the intended uses, and how the data is stored, archived, and scrubbed/deleted over time. Let’s talk about how our advisors can help you customize a data dictionary for you that tracks all of your data elements from all of your sources (e.g. Google Analytics, Salesforce, Google Sheets, Excel). Schedule your free 20-min consultation now. Related articles
About Author: Meredith "Mer" CurryMer has always had a passion for education and helping historically underrepresented groups achieve access and success to higher opportunities. She has consulted nonprofits, educational institutions, and businesses in addition to her volunteerism and mentorship of students.
Learn more about Mer at www.meredithcurry.com.
Back to Blog
6 MIN READ Thanks to an invitation from FormAssembly, the #1 Enterprise Web Form Platform, I presented my insights and best practices on a data privacy webinar on August 21, 2019. Watch the recording and read FormAssembly’s blog here! The webinar focused on The General Data Protection Regulation (GDPR) as well as the California Consumer Privacy Act (CCPA) which will go into effect on January 1, 2020. As FormAssembly’s guest presenter, I spoke to the implications for nonprofit and educational organizations who may not have people or processes in place to specifically track data privacy and how it impacts organizations. The following are some key insights that I shared on the webinar. Whether you are a customer whose data is getting collected, or you work for a company that collects data, this is for you! Tackle CCPA in Three (3) Steps The CCPA is chock full of guidance for organizations, however it may be difficult to know how to get started. I suggest the following three steps: 1. First, analyze the data you currently collect and store, and how it is currently being used and accessed. For many education and non-profit organizations specifically, documentation like data dictionaries, information governance policies, and records retention schedules are uncommon and/or out-of-date. These can be extremely helpful to develop as part of your assessment of how CCPA impacts your organization. Examples of questions you may ask yourself are:
2. Second, develop short and long term plans to ensure your organization is in compliance with CCPA. Your analysis will likely bring up ideas and issues to solve right away or in the future. An example of an approach could look like:
3. Third, implement your short term plans and have a plan for the long term. After implementation, evaluate those short term plans and use that experience to inform the long term plans. This should include keeping track of updates to CCPA over time, as well as other relevant legislation. Some additional recommendations:
Questions and Answers The webinar Q&A gave me the opportunity to drill deeper into the recommendations I made above around short term and long term planning. Find them below! Q: What does it mean to develop a data dictionary? A: A Data Dictionary is a document (Word, Excel, Google sheets, etc.) that summarizes the major data elements, their expected formats, and their sources for all data that your organization collects from California stakeholders. Common components include: Source, element/value name, description, data type, field size or character limit, last update date, example value, and validation. Once you have a data dictionary in place, it can be used as a:
Q: What other short and long term plans might we develop? A: There are two more plans that I think make sense to develop in the short or long term depending on your organization’s capacity:
Q: Who else do we need to involve? A: Be strategic about who you engage internally and externally so that you have a comprehensive lens around data privacy, without having too many cooks in the kitchen hindering progress. Examples of strategic partners include:
Q: If we could only do one thing right now, what might it be? AdvancED opinions and recommendations in articles should not be considered as legal advice. That said, my recommendation on how to best start this process includes:
Do you have additional recommendations, or questions, regarding data privacy in California? Contact me! About Meredith "Mer" CurryMer has always had a passion for education and helping historically underrepresented groups achieve access and success to higher opportunities. She has consulted nonprofits, educational institutions, and businesses in addition to her volunteerism and mentorship of students. Sources:
|