Domain I - Developing a Privacy Program Flashcards
provides a solid foundation for the governance of a privacy program and defines how the privacy program may be developed, measured and improved;
I. Developing a Privacy Program
A. Create a company vision
a. Acquire knowledge on privacy approaches
b. Evaluate the intended objective
c. Gain executive sponsor approval for this vision
B. Establish a Data Governance model
a. Centralized
b. Distributed
c. Hybrid
C. Establish a privacy program
a. Define program scope and charter
b. Identify the source, types, and uses of personal information (PI) within the organization and the applicable laws
c. Develop a privacy strategy
i. Business alignment
1. Finalize the operational business case for privacy
2. Identify stakeholders
3. Leverage key functions
4. Create a process for interfacing within organization
5. Align organizational culture and privacy/data protection objectives
ii. Obtain funding/budget for privacy and the privacy team
iii. Develop a data governance strategy for personal information (collection, authorized use, access, destruction)
iv. Plan inquiry/complaint handling procedures (customers, regulators, etc.)
v. Ensure program flexibility in order to incorporate legislative/regulatory/market/business requirements
D. Structure the privacy team
a. Establish the organizational model, responsibilities and reporting structure appropriate to the size of the organization
i. Large organizations
1. Chief privacy officer
2. Privacy manager
3. Privacy analysts
4. Business line privacy leaders
5. “First responders”
ii. Small organizations/sole data protection officer (DPO) including when not only job
b. Designate a point of contact for privacy issues
c. Establish/endorse the measurement of professional competency
E. Communicate
a. Awareness
i. Create awareness of the organization’s privacy program internally and externally
ii. Develop internal and external communication plans to ingrain organizational accountability
iii. Identify, catalog and maintain documents requiring updates as privacy requirements change
Proactive privacy management is accomplished through three tasks:
1) Define your organization’s privacy vision and privacy mission statements
2) Develop privacy strategy
3) Structure your privacy team
This is needed to structure responsibilities with business goals
Strategic Management