CIPM Assess Flashcards

1
Q

Privacy operational life cycle: 4 phases

A
  1. Assess (measure) current processes, procedures, management and practices for privacy management
  2. Protect (improve)
  3. Sustain (evaluate)
  4. Respond (support)
2
Q

Assessment maturity models definition

A

Methods to measure progress against established benchmarks and measurements; provides a standardised reference that companies can use to assess the maturity level of their privacy program.

3
Q

Assessment models

A
  1. AICPA/CICA
  2. PROP (privacy risk optimisation process)/PbD
  3. FTC/PbD
4
Q

PbD definition

A

(1) Embed privacy into the design of technology, business practices and physical design (relevant to the assess and protect phases);
(2) dictates that privacy and DP are embedded throughout the life cycle of technologies;
(3) proactive:
- life cycle protection
- embedded in design
- by default
(4) respect for users:
- visibility/transparency
- positive sum

5
Q

AICPA/CICA 5 level privacy maturity model

A
  1. ad hoc: informal, incomplete, inconsistent
  2. repeatable: procedures exist but with gaps
  3. defined: fully documented, cover all
  4. managed: reviews conducted for effectiveness of controls in place
  5. optimized: regular reviews and feedback towards optimization
6
Q

PROP (privacy risk optimisation process)

A

used to integrate PbD into business processes

7
Q

FTC consumer PbD

A
Baseline principle of PbD is that companies promote consumer privacy throughout the organization at every stage of development of products and services. Includes:
1. Substantive privacy practices:
- data security
- reasonable collection limits
- sound retention and disposal
- data accuracy
2. Procedural protections to implement the substantive principles:
- privacy protection
- PIA
8
Q

Assess key areas of business

A
  1. Audit: identify risks and gaps
  2. IT- BC and DR and alignment with privacy policy
  3. IS-IT systems, building, remote users, vendors; CIA and AA (confidentiality, integrity, availability, accountability, assurance); IRP
  4. HR/Ethics - latter should be independent
  5. Legal - due diligence - which privacy laws apply
  6. Compliance - privacy program track and investigate roles and responsibility
  7. Processors/3P vendors - privacy controls in K; vet vendors then monitor and control