Develop and implement a framework Flashcards
1
Q
Framework definition
A
Implementation roadmap that provides structure/checklists to guide privacy professionals through privacy management and prompts them for details to determine privacy-relevant decisions for the organisation
2
Q
Popular privacy frameworks
A
- APEC (enables transfers)
- Guidance from DPAs (CNIL)
- PIPEDA (Canada)
- Australian information privacy principles
- OECD and conv. 108 (EU DPD)
- Privacy by design
- White House privacy framework
- FTC recommendations for business and policy makers
3
Q
Framework elements
A
- Define privacy risks
- Assign accountability, responsibility for managing privacy program
- Identify gaps
- Monitor privacy management
- Training employees
- Best practices for inventories, risk assessment, PIA
- IRP
- Communication re privacy-related matters
4
Q
Steps to develop framework
A
- Business case development: laws, industry FW, customer needs
- Gap analysis
- Review and monitor progress
- Communicate FW
5
Q
Foundational elements of business case development: defines program needs and ways to meet program goals
A
- Organise privacy office guidance/program/management
- Define privacy for organisation - inventory
- Laws and regulations, based on location/industry
- Technical and physical controls (security) for CIA; PIA for all new systems - ISO 27001 and 2 (risk assessment); PCI-DSS
- Privacy organisations (external) - guard against misuse (ACLU, BBB, Electronic Frontier Foundation)
- Industry FW privacy guidelines
- Privacy enhancing technologies (PETs) - transmission, storage, use of PI; Platform for Privacy Preferences (P3P) systems
- Privacy innovation (IT) - social NW, cookies, internet web cookie policy
- Education and awareness
- Program assurance, including audits, governance structure