In this episode, Carolyn Holcomb joins Kevin O'Connell to discuss how organizations can build a defensible, reasonable and sustainable privacy program to withstand regulatory and legal scrutiny, and communicate that to their internal and external stakeholders.
We discuss the following questions:
0:38 - Why are privacy-related topics so relevant in today's business environment?
2:39 - What are the common themes that organizations need to consider as they interact with personal data?
4:33 - Once the program has been created, how do you enable it and who assists with that process?
7:19 - What are the needs and expectations of both the internal and external stakeholders?
9:54 - How are companies using SOC 2 reporting to communicate assurance to their stakeholders?
12:50 - What are some key takeaways in developing and sustaining a defensible privacy program?
Kevin O'Connell serves as PwC’s Trust and Transparency Solutions and ESG Solutions leader. A leading specialist in SOC 1, 2 and 3, and other third-party assurance and internal controls reporting, he has over 25 years of experience providing services to our largest financial services clients designed to identify, assess, and manage complex risk and control issues across the enterprise – whether they are strategic, financial, systems, or operational in nature. As PwC's ESG Solutions leader, Kevin leads a team of professionals focused on helping organizations implement strategies to improve their ESG reporting and communicate progress to investors and other stakeholders.
Based in Atlanta, Carolyn Holcomb is PwC's Privacy Attestation Leader. She supports global companies in managing their risks and designing privacy and information security programs and systems that protect the data they collect, use, store, and destroy. Companies rely on the expertise of Carolyn's team of world-class experts and business partners. She helps organizations build control mechanisms and monitoring programs that include reporting to senior management and the Board of Directors, assesses her clients’ controls and monitoring of third parties, and advises those clients to help them enhance, and often remediate, such controls and programs.