|
The Privacy Lawyer Workshops:
Cyberspace in the Workplace Workshop Scenario
One Summary
The scenario unfolds differently in each workshop, depending on the decisions
of the leading characters and how well they direct the information gathering.
The end result is that technology and business managers at all levels will begin
to appreciate the threads that tie information together, why they need to
implement a data management framework and how everything needs to be built from
this framework. Just as every company and situation differs, so does the
scenario. Finding methods that work for your company, your workplace ethic and
your needs is the ultimate goal of the Cyberspace in the Workplace workshop
series.
This workshop scenario is directed at demonstrating how difficult it is to
locate all the data management threads, ask the right questions and spot
potential risks.
Chief privacy officers, compliance officers and others handling data risk
management and compliance issues often complain that the hardest part of their
job is to identify where the data comes from, how is is collected and accessed,
who has access to it and for what purposes and where and how it is stored. This
scenario helps senior and middle management groups understand how to formulate
the inquiries and where the needed information is often hidden. This scenario
uses a potential merger to light the fire under those responsible for data
management. Time is of the essence. Can they find what they need?
Megacompany has received an offer from Megamost Company. Megamost has been
working with Megacompany for several years and see a strategic synergy between
them. Having recently sold two subsidiaries, it is also cash-heavy. The
management of the two companies have a solid and trusting working relationship.
William also went to school with the CEO of Megamost Company. Megamost has
suggested a merger of the two companies.
Megacompany is interested in proceeding and has instructed Karen to move
ahead. She has negotiated and executed a letter of intent. The letter of intent
has certain non-disclosure provisions and requires each company to disclose
their data management practices, an overview of the relevant regulatory and
legal issues impacting their integration and any litigation or regulatory
threats or actions. Assuming all proceeds as hoped, the merger could be
completed as early as ten months from now.
Karen has called a meeting with all key players to gather the necessary
information, determine what needs to be done, and to spot problem issues early.
She has included her outside counsel, VILF ("Very Important Law Firm"), in the
meeting.
Her legal counterpart in Megamost Company, Richard Riley, is also Megamost
Company's chief privacy and compliance officer. He is particularly concerned
about data management, since they have had run-ins with the European regulators.
While Megacompany has no CPO, Karen has dealt with privacy issues before and was
personally responsible for drafting Megacompany's privacy policy for the
website.
Scene one is the meeting. Karen decides whom to invite. (Parry may suggest
that others are added to the list.) Karen will attempt to gather as much
information from the others as possible. Each character has certain information
in their script. Depending on what is requested, this information may or may not
be disclosed in the meeting.
| 
Parry
Aftab, Esq., 
Marvel and
all character names and the distinctive likenesses thereof are trademarks of
Marvel Characters, Inc., and are used with permission. TM & © 2004 Marvel
Characters, Inc. All rights reserved. “Super Heroes” is a Co-owned registered
Trademark.