Department of One

  • 1.  Insights gained or questions remained?

    Posted 07-19-2022 02:52 PM
    Tell the group your biggest takeaways, favorite session, or questions that still remain from today's Compliance and Small Organizations conference!

    ------------------------------
    Stephen (Steve) Pavlicek | Community Engagement Manager
    Society of Corporate Compliance and Ethics
    Health Care Compliance Association
    Office: 952.567.6219 | Mobile: 612.207.3172
    6462 City West Parkway | Eden Prairie, MN 55344
    ------------------------------


  • 2.  RE: Insights gained or questions remained?

    Posted 07-20-2022 09:04 AM
    I really enjoyed this workshop yesterday as I'm coming into the compliance department for a small workers' comp insurance company (400 employees) and I'm beginning to navigate my roles and responsibilities here within the organization. One of my first large projects that I will start in the next month or so is to develop and conduct the organization's first privacy risk assessment. I would love to hear from anyone on your suggestions of what to focus on in this risk assessment (i.e., policies, security controls, department workflows/access, etc.) and any other tips/insights you may have in this process.

    ------------------------------
    David Wiltsey
    Director of Compliance Programs
    Chesapeake Employers Insurance Company
    Towson, MD
    ------------------------------



  • 3.  RE: Insights gained or questions remained?

    Posted 07-20-2022 12:16 PM
    Glad to hear that, @David Wiltsey!

    As an additional resource, this is an upcoming virtual conference on the topic:

    https://www.corporatecompliance.org/conferences/virtual-conferences/2022-september-compliance-risk-assessment-and-management

    Thanks!

    ------------------------------
    Stephen (Steve) Pavlicek | Community Engagement Manager
    Society of Corporate Compliance and Ethics
    Health Care Compliance Association
    Office: 952.567.6219 | Mobile: 612.207.3172
    6462 City West Parkway | Eden Prairie, MN 55344
    ------------------------------



  • 4.  RE: Insights gained or questions remained?

    Posted 07-26-2022 05:24 AM
    Maybe you already have one, but the first step is to conduct a Data Protection Impact Assessment.
    I attach a template published by the UK ICO, but other similar privacy authorities publish their own guidance and templates on their websites.
    Depending on the geographic coverage of your organisation, you may want to seek external legal counsel to help you with this work.
    To prepare the DPIA you need the collaboration of the heads of the relevant departments (HR, operations, commercial, finance, procurement, accounting, legal).

    ------------------------------
    Nuria Sanchez Rubio
    General Counsel and Head of E&C
    Louis Berger International
    Paris
    ------------------------------



  • 5.  RE: Insights gained or questions remained?

    Posted 07-26-2022 05:25 AM
    Here with the attachment.

    ------------------------------
    Nuria Sanchez Rubio
    General Counsel and Head of E&C
    Louis Berger International
    Paris
    ------------------------------

    Attachment(s)

    dpia-template.docx (54 KB)


  • 6.  RE: Insights gained or questions remained?

    Posted 07-26-2022 09:46 AM
    Thank you very much, Nuria!

    ------------------------------
    David Wiltsey
    Director of Compliance Programs
    Chesapeake Employers Insurance Company
    Towson, MD
    ------------------------------



  • 7.  RE: Insights gained or questions remained?

    Posted 07-27-2022 12:22 PM
    I've been thinking about how/if compliance requirements differ between privately held vs. public companies. There was discussion about IPO considerations and the point that a Code of Conduct is an SEC (or whoever) requirement - are there others? Does anyone know of a resource to get a better understanding of differing requirements as determined by company ownership structure? TIA!

    ------------------------------
    Mary Anne Lang
    Senior Manager Customer Service
    Lingraphica
    Gambrills, MD
    ------------------------------



  • 8.  RE: Insights gained or questions remained?

    Posted 07-28-2022 11:02 AM
    Hi Mary Anne,

    This is a great question! Could you cross-post it to the "general compliance topics" group and see if they have any resources to share with you??

    Thanks!!

    ------------------------------
    Stephen (Steve) Pavlicek | Community Engagement Manager
    Society of Corporate Compliance and Ethics
    Health Care Compliance Association
    Office: 952.567.6219 | Mobile: 612.207.3172
    6462 City West Parkway | Eden Prairie, MN 55344
    ------------------------------
