Practical challenges in Implementing a Privacy program

With CCPA having gone into effect and 19 more regulations pending in various states, many companies are grappling with the necessity to establish and maintain a privacy program within the organization. However, implementing a privacy program is no piece of cake.


With exponential growth in data over the last decade or two, most organizations are faced with very complex IT environments with massive and distributed systems containing structured, semi-structured, and unstructured data. Among the many practical challenges in implementing a privacy program within an organization, here are a few common ones:

  1. Constrained budget,

  2. The slow pace of change within the organizations,

  3. Technical challenges in implementing the program and

  4. The sheer size of what needs to be handled


But it is important to keep in mind that with the bigger picture and focus on building the foundational blocks you can build effective programs over time even with these constraints. However, if a good foundation is not laid, the expansion of the program will pose difficulties. Here are some common pitfalls to watch out for as you plan your program.


a) Moving Metrics- Legal, Privacy, IT and Business all have stakes in the process and need to come together for a successful implementation of the program. I often find these departments working in silos. This results in duplicated effort and a lot of misinformation and inefficiency. This is especially true with the “business”, there is a lack of interest in engaging the business in these compliance efforts. The business users are the real stewards of this data and one cannot bring fundamental change or sustain the compliance efforts without engaging with the business.


It is important to fully understand all that is being tracked and measured within these functions