Privacy compliance is a company's accordance with established personal information protection guidelines, specifications or legislation. Privacy compliance has become a prevalent business concern due to an increasing number of regulations designed to protect against unauthorized access to personally identifiable information.
For example, the EU Data Protection Directive (also known as Directive 95/46/EC) is designed to ensure the privacy and protection of all personal data collected for or about European Union citizens, especially as it relates to processing, using or exchanging such data. These data protection rules apply not only when responsible parties are established or operate within the EU, but also whenever the controller uses equipment located inside the EU to process personal data.
Privacy compliance came into the spotlight in 2013 when former National Security Agency contractor Edward Snowden leaked details of a previously undisclosed surveillance program called Prism. Details of the Prism program's scope drew controversy due to the program's violation of rules such as the Safe Harbor policy agreement, established by the United States and the European Union (EU) in 2000 to regulate the ways in which U.S. companies export and handle the personal data of European citizens. Privacy compliance has also gained more widespread attention due to the high-profile hacks of customer information at large retailers such as Target Corp. and Home Depot.
As privacy compliance has become a top concern for corporate management, companies are turning to specialized software and consultancies to ensure personal information protection. Some companies have also instituted a chief privacy officer (CPO) position to develop and implement policies designed to protect employee and customer data from unauthorized access.