Develop and implement a framework Flashcards

1
Q

Framework definition

A

An implementation roadmap that provides structure and checklists to guide the privacy professional through privacy management and prompts them for details to determine privacy-relevant decisions for the organisation

2
Q

Popular privacy frameworks

A
  1. APEC (enables transfers)
  2. Guidance from DPAs (CNIL)
  3. PIPEDA (Canada)
  4. Australian Information Privacy Principles
  5. OECD and Conv. 108 (EU DPD)
  6. Privacy by Design
  7. White House privacy framework
  8. FTC recommendations for business and policy makers
3
Q

Framework elements

A
  1. Define privacy risks
  2. Assign accountability and responsibility for managing the privacy program
  3. Identify gaps
  4. Monitor privacy management
  5. Train employees
  6. Best practices for inventories, risk assessment, PIA
  7. IRP
  8. Communication re privacy-related matters
4
Q

Steps to develop framework

A
  1. Business case development: laws, industry framework, customer needs
  2. Gap analysis
  3. Review and monitor progress
  4. Communicate the framework
5
Q

Foundational elements of business case development: defines program needs and ways to meet program goals

A
  1. Organise privacy office guidance/program/management
  2. Define privacy for the organisation - inventory
  3. Laws and regulations, based on location/industry
  4. Technical and physical controls (security) for CIA; PIA for all new systems - ISO 27001 and 2 (risk assessment); PCI-DSS
  5. Privacy organisations (external) - guard against misuse (ACLU, BBB, Electronic Frontier Foundation)
  6. Industry framework privacy guidelines
  7. Privacy enhancing technologies (PETs) - transmission, storage, use of PI; Platform for Privacy Preferences (P3P) systems
  8. Privacy innovation (IT) - social networks, cookies, internet web cookie policy
  9. Education and awareness
  10. Program assurance, including audits, governance structure