
Privacy Ref

The need to verify Policy Compliance
Bob Siegel · 2025-12-02 · via Privacy Ref

Sometimes my mind wanders and I relate what is happening around me to privacy-related situations. Often our team undertakes assessments for our clients' privacy programs and we encounter a number of unexpected, and sometimes surprising, findings. One situation we often find is that a privacy program establishes one or more policies that are not being followed for any number of reasons.

For example…

Anyone who has worked with me or taken a class from me knows I love anecdotes to reinforce information I am providing. These anecdotes often come from my observations totally unrelated to privacy. For example…

Recently my wife and I went to a wedding for our niece and flew to get there. Like most flights these days, most passengers had carry-on bags to save the charges and inconvenience of checking the luggage.

One more mature person brought their carry-on onto the plane, no problem. However, the individual was wearing a wrist brace and could not pick up the bag to place it in the overhead. The person requested that a flight attendant place the bag in the overhead for them.

The flight attendant politely explained that this was against airline policy. After a few uncomfortable minutes and many glances at the wrist brace, the flight attendant relented, saying “…but just this one time.” The flight attendant was trying to do the “right thing” for the passenger, by violating policy. It was good customer service after all.

Unexpected consequences

The flight attendant attempted to lift the bag, then quickly backed off as the bag was heavier than the flight attendant expected. A second, “successful” attempt was made to lift the bag and it soon rested in the overhead. The passenger thanked the flight attendant who walked away clutching their back.

Other passengers were boarding asking for similar assistance. The flight attendant declined citing their strained back and the airline policy. Consequence number one: passengers were dissatisfied with the service as one person got help, but no one else did.

As the flight progressed it was obvious the flight attendant was in pain. Eventually, they allowed the other flight attendants on the flight to continue service as they took a break. Consequence number two: more dissatisfaction as passengers questioned why one flight attendant was just sitting there.

When the flight arrived the injured attendant went to the airport’s medical facility and was given some pain relievers and a recommendation to get off their feet. Consequence number three: the flight attendant made themselves unavailable for their next flight and the airline had to replace them, delaying their next flight.

While I cannot confirm this, I can only assume that additional work was missed by the injured flight attendant and, potentially, medical bills incurred. More consequences.

What does this have to do with privacy?

Take a moment to consider the potential consequences of your various privacy-related policies not being followed. Can this behavior lead to a data breach? A violation of the laws you are required to follow? What will the impact be on your business’s reputation? Will there ultimately be a revenue or bottom-line impact?

While organizations do a good job of creating policies and training individuals on what they mean, the ball often gets dropped when verifying compliance. I had one corporate counsel tell me that they did not want to verify compliance because if any issues were found, they’d have to do something about it.

If it is worthwhile to create a policy or procedure, it is just as worthwhile to verify it is being followed. If you do not, why have the policy in the first place?