Develop and implement a framework

Question 1

Framework definition

Answer 1

Implementation roadmap that provides structure/checklists to guide privacy professional through privacy management and prompts them for details to determine privacy relevant decisions for organisation

Question 2

Popular privacy frameworks

Answer 2

1. APEC (enables transfers)
2. Guidance from DPAs (CNIL)
3. PIPEDA (Canada)
4. Australian information privacy principles
5. OECD and conv. 108 (EU DPD)
6. Privacy by design
7. White house privacy framework
8. FTC recommendations for business and policy makers

Question 3

Framework elements

Answer 3

1. Define privacy risks
2. Assign accountability, responsibility for managing privacy program
3. Identify gaps
4. Monitor privacy management
5. Training employees
6. Best practices for inventories, risk assessment, PIA
7. IRP
8. Communication re privacy related matters

Question 4

Steps to develop framework

Answer 4

1. Business case development: laws, industry FW, customer needs
2. gap analysis
3. review and monitor progress
4. communicate FW

Question 5

Foundational elements of business case development: defines program needs and ways to meet program goals

Answer 5

1. Organise privacy office guidance/program/management
2. Define privacy for organisation - inventory
3. laws and regulations, based on location/industry
4. Technical and physical controls (security)for CIA; PIA for all new systems - ISO 27001 and 2 (risk assessment); PCI-DSS
5. Privacy organisations (external) - guard against misuse (ACLU, BBB, Elec. Frontier Foundation)
6. Industry FW privacy guidelines
7. Privacy enhancing technologies (PETS)- transmission, storage, use of PI; Platform for Privacy Preferences (P3P) systems
8. Privacy innovation (IT) - social NW, cookies, internet web cookie policy
9. Education and awareness
10. Program assurance, including audits, governance structure