Nymity, a provider of international compliance resources, recently interviewed me about managing risk and compliance in a global enterprise that handles protected personal information about customers, employees, website visitors, and other individuals in multiple jurisdictions.  Based on experience with many multinationals, large and small, I came up with a discovery checklist that a company might find useful in identifying and prioritizing these data flows.  We also discussed several issues of common concern to global organizations:

• enforcement and litigation trends
• the moving target of "sensitive" data
• the role of privacy commissions and other data protection authorities
• the increasing interest of trade unions and works councils in employee privacy issues
• the value of referring to information security standards
• the practicalities of using cross-border compliance vehicles such as model contracts, Safe Harbor, and binding corporate rules. 

The full interview is available here.