Do you know a leader who has driven strategic risk management programs at their organization? Nominate them today for the Diligent Modern Governance 100 Risk & Compliance Visionary category. I’m a judge for this category, and I'm excited to learn about the outstanding nominees! CLICK HERE TO NOMINATE YOURSELF OR SOMEONE ELSE!

The idea that “absence makes the heart grow fonder” is so 2019. According to US News & World Report, 44% of workers prefer working from home. In 2021 and beyond, some of us may work from home indefinitely – whether by choice or design. Others of us are bounding back to the office. From this, an emerging new complexity has emerged called “proximity bias.” Proximity bias is defined as “a cognitive bias where we value what’s close to us in time and space.”

Proximity bias is problematic in two ways. First, it can be used against us if we’re not careful, and second, we can deploy it without being conscious of it. Here’s how to deal with both of those challenges.

Protect Your Career

If you’re going to be working from home either part-time or full-time, be aware of the tendency of your boss and others to favor those working physically near to them. Create strategies to be visible and top-of-mind. These can include:

• Scheduling a regular Zoom face-to-face each week or two weeks with your most important stakeholders.

• Speaking up at least one time in each meeting in which you participate.

• Requesting plum projects and positioning yourself for promotability.

• Forwarding emails to your boss or stakeholder group when someone praises your work.

• Taking credit for innovations or ideas that you came up with.

• Ensuring your contributions are noted in group projects.

By making conscious efforts to protect your career, you’re more likely be successful.

Protect Your Team…

I am so excited to share with you my interview with the one and only Amii Barnard-Bahn. She’s here to talk about promotions – how to get more money, how to position yourself for the next level, and how to build the career of your dreams.

Kristy:

Today I am here with Amii Barnard-Bahn. She is an Executive Coach, a former Chief Compliance Officer, and Chief Human Resources Officer who Forbes magazine called, “one of the top coaches for legal and compliance executives.”

You just put out a fantastic new book called The Promotability Index. Can you tell us a bit about what the Promotability Index is, how you came up with it and how people can use it?

Amii:

Absolutely. I believe in radical self-reliance in your career. You want to be committed to your company while you're there. You want to do your best job you want to learn, but ultimately we rent our jobs. They're temporary. And as long as we have that mindset, we're, future-proofing our career because we need to make sure that we're continually learning new skills, whether they're compliance-related or whether they're leadership-related, or general application.

I created the book because while I was in HR, I saw who got promoted, who got fired, who stayed, who went, who we retained, and people that should've gotten promoted, that didn't.

I was highly motivated to reverse engineer that process as best I could and that's how the Promotability Index was born.

Kristy:

In the book, you identify five elements that make people promotable. Why don't you tell us what are those five elements?

Amii:

I start with self-awareness - that's the first one. The second is…

It happened again this morning. I got an alert from a law firm I follow telling me that there is yet another new privacy law. This one is in Colorado, a state that now joins Virginia and California in creating requirements for consumer access to their data under threat of penalty. There’s a new draft European directive on third-party due diligence requirements which we need to follow, sanctions that seem to change every day - not to mention the decisions of the courts and prosecutorial guidance that functions to create de facto requirements on our programs. It can feel completely overwhelming trying to find out about and keep the information straight.

Where can you find information you can trust that will be helpful? Here are some tried and true sources to help.

Law Firm Alerts

Many law firms publish alerts when new laws come into force or are in the final stages of being passed. It’s critical to get on one or more law firm’s lists. I am a former Gibson Dunn attorney, so I’m particularly partial to them, especially for their FCPA/Anti-bribery materials. At many firms, you can sign up for their alerts without being a client. You can even choose the practice areas for which to get alerts.

Industry Blogs

There are some fantastic industry blogs that will help you to navigate new laws. Subject-specific blogs can be highly useful. I like the FCPA Blog and Tom Fox’s blog for anti-bribery and Michael Volkov’s for sanctions/trade compliance. More generally, the Society of Corporate Compliance and Ethics (SCCE) has a terrific blog with a huge number of contributors, as does the Health Care Compliance Association (HCCA) (if you’re working in health care). We here at Compliance Kristy also provide updates on new laws as they come out. Matt Kelly’s Radical Compliance blog follows the laws affecting the profession as well.

Magazines…

Data is everywhere and it is more valuable than oil. In the Digital Age companies depend on building up customer profiles so they can better understand and sell to those customers. It is estimated that our data will be worth $197.7 billion by 2022 – more than the total value of American agricultural output.[1]

But there are strict rules in place around when, where and how you are allowed to transfer that data out of the UK or the EU. In this article, “GDPR” refers to both the UK and EU GDPR.

What is the new UK adequacy decision all about?

In June 2020, the EU Commission agreed that the UK will be on the EU’s safe list of countries for, at least, the next 4 years. This means that data can be sent unrestricted from the EU (or EEA) to the UK.

What are these Standard Contractual Clauses (‘SCCs’) I keep hearing about?

Standard Contractual Clauses or ‘SCCs’ are basically a set of clauses that you ask the receiving company to sign. In signing them, the receiving company agrees to provide an adequate level of data protection for the data they receive.

What are the new SCCs and how are they different from the old ones?

New SCCs were approved by the European Commission (EC) in June 2021. They were updated to comply with GDPR and the Schrems II decision. To rely on the SCCs you must use the precise wording laid down by the EC.

The new SCCs contain clauses for:

a) Controller to Controller transfers

b) Controller to Processor transfers

c) Processor to Processor transfers

d) Processor to Controller transfers

This means you can choose based on the type of transfer you are making ie based on whether the data exporter and importers are ‘controllers’ or ‘processors’ under GDPR in respect of the personal data processing. c) and d) are new and these types of clauses didn’t exist under the old SCCs.

The new SCCs also allow for multiple data exporters to be involved in the contract and for new parties to the contract to be added at a later stage.

What is this Schrems II case all about?…