1: Introduction to Privacy Program Management Flashcards
Program mgmt.
*The process of managing multiple projects across an org to improve performance
*Allows for:
oversight and status of projects to ensure goals of program are met
holistic view of multiple projects and change mgmt.
metrics to be viewed across program
Privacy program management
The structured approach of combining several projects into a framework and lifecycle to protect personal information and the rights of individuals
Results of a properly structured privacy program
*Comply with legal and regulatory requirements
*Meet the expectations of customers
*Prevent and mitigate privacy risks
Framework
*The structure needed to support prog. mgmt.
*Privacy prog. framework created by analyzing applicable laws, regulations and best practices tailored for the goals of the org.
Key concept: A structured privacy program…
exhibits an organization’s thoughtful and intentional plan to protect personal information and the rights of individuals
Privacy governance life cycle
Assess, protect, sustain and respond
Framework and life cycle
Key concept: Privacy program framework and lifecycle
Provide:
*Guidance and structure necessary to deal with privacy, which is dynamic and difficult to measure
*Reusable procedures and processes that outline course of action
*Inquiry topics and direction (e.g., problem definition, purpose, literature review, methodology, data collection and analysis) to ensure quality through repeatable programmatic steps, thereby reducing errors or gaps in knowledge or experience
Key concept: Ownership and management of framework shared with
other stakeholders throughout the org, including employees, exec leadership, managers and external entities such as partners, vendors and customers.
Assess
*Provides the steps, checklists and processes necessary to assess any gaps in a privacy program as compared to industry best practices, corp. policies, applicable laws and regulations and the framework developed for the org.
*Elements may be performed in varying order and combinations
*Models and frameworks that allow measurement and alignment of these activities include AICPA/CICA Privacy Maturity Model, Generally Accepted Privacy Principles (GAPP) and Privacy by Design (PbD).
Protect
*Provides the data life cycle, information security practices and PbD principles to protect personal information
*Embeds privacy principles and infosec mgmt practices within the org in order to define, establish and address privacy practices
*Since privacy spans the org, must take into account laws and regulations applying to other areas such as labor or telecom law as they may interact w/privacy laws
Sustain
*Provides privacy mgmt through the monitoring, auditing and communication aspects of the framework
*Includes audit, risk and security practices
*Makes the identification, mitigation and reporting of risk business as usual, including any variations or gaps in operations measured against regulatory, industry and business objectives
*Monitoring should be continuous and based on the org’s risk appetite
Respond
*Covers the respond principles: information requests, legal compliance, incident-response planning and incident handling
*Org needs to be prepared to properly receive, assess and respond to requests from customers, partners, vendors, employees, regulators, shareholders…