1. Introduction Flashcards

1
Q

What is privacy program management?

A

A structured approach of combining several projects into one framework and life cycle to protect personal information and the rights of individuals.

2
Q

What can an organization with an integrated privacy management program hope to achieve?

A

A properly structured and maintained privacy program will enable the organization to:

  1. comply with legal and regulatory requirements
  2. meet the expectations of clients or customers
  3. prevent and mitigate privacy risks
3
Q

What is program management?

A

The process of managing multiple projects across the organization to improve performance.

4
Q

What can be achieved through program management?

A
  1. Oversight and status of projects to ensure goals of the program are met
  2. Holistic view of multiple projects and change management
  3. Valued metrics across the program
5
Q

What is a framework?

A

The skeletal structure needed to support program management.

6
Q

How is a privacy framework created?

A

By analyzing

  1. The applicable laws and regulations; AND
  2. Best practices that are tailored specifically for the goals of each organization.
7
Q

What is a life cycle?

A

The series of stages that something passes through during its existence.

(PPM - the privacy governance life cycle of assess, protect, sustain, and respond)

8
Q

What are the components of a privacy framework and life cycle?

A
  1. Consideration of privacy laws and regulations
  2. Incorporation of program management principles
  3. Implementation of concepts such as:
     • Privacy by design (PbD); and
     • Privacy by default
9
Q

Is privacy the same as secrecy?

A

NO. Privacy should not be confused with the data classification models used by governments, which may rate information as sensitive, secret, or top secret.

10
Q

What does a structured privacy program exhibit?

A

An organization’s thoughtful and intentional plan to protect personal information and the rights of individuals.

11
Q

What does a privacy governance life cycle provide?

A

The methods to

  • assess
  • protect
  • sustain; and
  • respond

to the positive and negative effects of all influencing factors.

12
Q

What does a “privacy program framework” provide?

A

Provides

  • inquiry topics

AND

  • direction (e.g., problem definition, purpose, literature review, methodology, data collection, and analysis)

to ensure quality through repeatable programmatic steps, thereby reducing errors or gaps in knowledge or experience.

13
Q

Who owns the privacy program framework?

A

The framework is usually owned by the privacy team or a privacy professional (e.g., the data protection officer); ownership as well as management is shared with other stakeholders throughout the organization, including employees, executive leadership, management, and external entities such as partners, vendors, and customers.

14
Q

What are the four principles of the privacy operational life cycle?

A
  1. Assess - provides the steps, checklists, and processes necessary to assess any gaps in a privacy program as compared to industry best practices, corporate privacy policies, applicable privacy laws and regulations, and the framework developed for the organization.
  2. Protect - provides the data life cycle, information security practices, and PbD principles to protect personal information.

Embeds privacy principles and information security management practices within the organization to address, define, and establish privacy practices.

  3. Sustain - provides privacy management through the monitoring, auditing, and communication aspects of the management framework.

Monitoring across several functions in the organization, including audit, risk, and security practices, ensures "business as usual" identification and reporting.

  4. Respond - includes the response principles of information requests, legal compliance, incident response planning, and incident handling.

Aims to reduce organizational risk and bolster compliance with regulations.

15
Q

What should organizations be prepared for?

A

Be prepared to respond to customers, partners, vendors, employees, regulators, shareholders, or other legal entities.

The requests can take a broad form, from simple questions, through requests for data corrections, to more in-depth legal disclosures about individuals.

16
Q

What are the responsibilities of a Privacy Program Manager?

A
  1. Align the various parts of the privacy program to business objectives so as not to be in contention with them.
  2. Support the business as a valued partner (not be seen as a blocker)
17
Q

What are the goals of a privacy program manager?

A
  1. Define the privacy obligations for the organization
  2. Identify and mitigate privacy risks
  3. Create, revise, and implement policies and procedures that effect positive practices and together comprise a privacy program
  4. Raise the data IQ of the organization to drive and embed a privacy-oriented culture
18
Q

What are the goals of a privacy program?

A
  1. Demonstrate an effective and auditable framework to enable legislative compliance
  2. Promote trust and confidence in the handling of the data entrusted to the organization by individuals
  3. Highlight that the organization takes its data privacy obligations seriously
  4. Respond effectively to privacy breaches and data subject requests
  5. Continually monitor, maintain, and improve the maturity of the privacy program
19
Q

What are the specific responsibilities of privacy program manager?

A
  1. Policies, privacy notices, procedures, and governance
  2. Privacy-related awareness and training
  3. Incident response and privacy investigations
  4. Regulator complaints
  5. Data subject requests
  6. Communications
  7. Privacy controls
  8. Privacy issues with existing products and services
  9. Privacy-related monitoring
  10. Privacy impact assessments
  11. Development of privacy staff
  12. Privacy-related data committees
  13. PbD in product development
  14. Privacy-related vendor management
  15. Privacy audits
  16. Privacy metrics
  17. Cross-border data transfers
  18. Preparation for legislative and regulatory change
  19. Privacy-related subscriptions
  20. Privacy-related travel
  21. Redress and consumer outreach
  22. Privacy-specific or privacy-enhancing software
  23. Privacy-related certification seals
  24. Cross-functional collaboration (legal, IT, cybersecurity, ethics etc.)
  25. Internal and external reporting
20
Q

What is accountability?

A

Accountable organizations have the proper policies and procedures to promote best practices in handling personal information and, generally, can demonstrate they have capacity to comply with applicable laws.

They promote trust and transparency to provide individuals with confidence in their abilities to protect their personal information and respect their data rights.

21
Q

What are the legal requirements of accountability?

A

It is not only about saying the organization is taking action, but also being able to prove it is.

The organization is accountable for the actions it takes or does not take to protect personal data.

When organizations collect and process information about people they are responsible for it. They need to take ownership of it and take care of it throughout the data life cycle.

22
Q

What should an organization do regarding its data practices?

A

If an organization has a data protection policy in place, the organization should comply with that policy and document any deviations and actions taken for any failures in complying with the policy.

23
Q

Does the accountability principle impose obligations on an organization?

A

YES. Accountability may impose obligations to take ownership and to demonstrate how an organization is compliant.

Privacy program managers may be accountable for the safekeeping and responsible use of personal information - not just to investors and regulators, but also to everyday consumers and their fellow employees.

24
Q

Why does an organization need a privacy program?

A

Accountability. Showing proper respect for individuals’ personal information shows that the organization is reputable.

25
Q

What can a privacy program do for an organization?

A
  1. Enhance the brand and public trust
  2. Meet regulatory obligations
  3. Encourage ethical data processing practices
  4. Enable global operations, such as mergers and acquisitions
  5. Prevent and mitigate the effects of data breaches
  6. Provide a competitive differentiator
  7. Increase the value and quality of data
  8. Reduce the risk of employee and consumer class-action lawsuits
  9. Encourage good corporate citizenship
  10. Meet expectations of consumers and business clients
  11. Integrate data ethics into the organization's decision-making
26
Q

What should privacy look like across the organization?

A

Many functions should directly support the various activities required by the privacy program. Among these activities are the adoption of privacy policies and procedures, development of privacy training and communications, development of privacy- and security-enhancing controls, contract development with and management of third parties that process the personal information of the organization, and the assessment of compliance with regulations and established control mechanisms.

27
Q

How should privacy policies and procedures be created and enforced?

A

They should be created and enforced at a functional level (i.e., by the central privacy team).

Policies imposing general obligations on employees may also reside with other functions such as ethics, legal, and compliance; therefore, it is important to align with other policy owners and reference other policies as applicable.

28
Q

How should privacy be governed across the organization?

A

Most groups within the organization should have some policies to address the appropriate use and protection of personal information specific to their own functional areas; these policies will need to be produced in close consultation with the privacy office.

*Note the difference between having appropriate policies in place and using appropriate controls.

29
Q

What are some examples of different functions involved in creating procedures related to privacy?

A
  1. Learning and development - translates policies and procedures into teachable content, contextualized into tangible operations and processes. (The privacy team must approve the training output and closely monitor completion rates.)
  2. Communication team - assists with publishing content and reinforces good privacy practices in line with the company's branding, objectives, and tone of voice. Can also advise on the best methods of communication to boost commitment.
  3. Information security team - every security-enhancing technology that information security deploys - from encryption to perimeter security controls and data loss prevention tools - helps the privacy program meet its requirements for implementing security controls to protect personal information.
  4. IT team - can enhance the effectiveness of the privacy program by adding processes and controls that support privacy principles. It should carry out PbD by implementing privacy principles in technology development, for example by limiting the data fields built into a tool or application to only those actually required to perform a process or action, or by building in functions that enable the user to easily delete data according to a retention schedule.
  5. IA (internal audit) - assesses whether controls are in place to protect personal information and whether people and processes across the organization are abiding by these controls.
  6. Procurement - ensures that contracts are in place with third-party service providers that process personal information on behalf of the organization and that proper contractual language is imposed.
  7. HR - ensures employee information is handled in accordance with privacy policies and procedures.
  8. Ethics & Compliance - manages whistleblowing and complaints relating to how an individual's personal data may have been handled.
  9. Marketing and advertising - creates awareness of how to handle customer personal data for marketing and media purposes.
  10. Business development and strategy - helps the organization understand how good data protection can drive more business.
  11. Finance - ensures Payment Card Industry (PCI), Sarbanes-Oxley (SOX), and other financial regulations are collaborated on with the privacy office.
  12. Legal - keeps current on privacy regulations and requirements that affect the organization.
  13. Risk - ensures data protection risks are included in the organization's Enterprise Risk Management framework.
  14. Data governance - develops a data governance framework that supports data privacy requirements.
  15. Product research and development - performs privacy impact assessments as well as privacy by design and default consulting in new product development.
30
Q

How can the privacy program’s strengths and weaknesses be revealed?

A

Through questionnaire results. Running the questionnaire is in itself a positive result, contributing to an overall strengthening of internal awareness of the program.