Companies collect and store more data than ever. This trend of exponential growth, fueled by cloud computing advances, falling digital storage prices, and the increasing number of handheld devices and internet-connected sensors, shows no signs of slowing down.

When the collected data contains personal information or can be combined in ways that potentially identify unique individuals, companies must consider the impacts of different privacy and data security laws governing its collection, use, transfer, and disposal. Significant adverse consequences can arise if companies handling personal information:

These risks are compounded when companies operate globally and collect data from jurisdictions with different data protection laws. Effective privacy compliance and information management programs can help minimize these risks, while also allowing companies to leverage the data in new ways.

This Toolkit contains continuously maintained resources that provide practical guidance on establishing and managing US privacy compliance and information governance programs and drafting effective privacy and information security policies.