Overview Flashcards
Privacy Framework v1.0
For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value, and access to social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem. As a result, individuals may not be able to understand the potential consequences for their privacy as they interact with systems, products, and services. Organizations may not fully realize the consequences either.
Failure to manage ______ _______ can have direct adverse consequences at both the individual and societal levels, with follow-on effects on organizations’ brands, bottom lines, and future prospects for growth.
privacy risks
Finding ways to continue to derive benefits from ______ _______ while simultaneously protecting individuals’ privacy is challenging, and not well-suited to one-size-fits-all solutions.
data processing
For example, privacy can be achieved through
1) seclusion,
2) limiting observation, or
3) individuals’ control of facets of their identities (e.g., body, data, reputation).
The Privacy Framework’s purpose is to help organizations manage privacy risks by:
1) Taking privacy into account as they design and deploy systems, products, and services that affect individuals;
2) Communicating about their privacy practices; and
3) Encouraging cross-organizational workforce collaboration, for example among executives, legal, and information technology (IT), through the development of Profiles, selection of Tiers, and achievement of outcomes.
The Privacy Framework is composed of three parts
- Core,
- Profiles, and
- Implementation Tiers.
Each component reinforces how organizations manage privacy risk through
1) the connection between business or mission drivers,
2) organizational roles and responsibilities, and
3) privacy protection activities
Core
The Core is a set of privacy protection activities and outcomes that allows for communicating prioritized privacy protection activities and outcomes across an organization from the executive level to the implementation/operations level. The Core is further divided into key Categories and Subcategories, which are discrete outcomes, for each Function.
Profile
A Profile represents an organization’s current privacy activities or desired outcomes. To develop a Profile, an organization can review all of the outcomes and activities in the Core to determine which are most important to focus on based on business or mission drivers, data processing ecosystem role(s), types of data processing, and individuals’ privacy needs. An organization can create or add Functions, Categories, and Subcategories as needed. Profiles can be used to identify opportunities for improving privacy posture by comparing a “Current” Profile (the “as is” state) with a “Target” Profile (the “to be” state). Profiles can be used to conduct self-assessments and to communicate within an organization or between organizations about how privacy risks are being managed.
Implementation Tiers (“Tiers”)
Implementation Tiers (“Tiers”) provide a point of reference on how an organization views privacy risk and whether it has sufficient processes and resources in place to manage that risk. Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk informed. When selecting Tiers, an organization should consider its Target Profile(s) and how achievement may be supported or hampered by its current risk management practices, the degree of integration of privacy risk into its enterprise risk management portfolio, its data processing ecosystem relationships, and its workforce composition and training program.
Privacy Risk Management
While some organizations have a robust grasp of privacy risk management, a common understanding of many aspects of this topic is still not widespread. To promote broader understanding, this section covers concepts and considerations that organizations may use to develop, improve, or communicate about privacy risk management. Appendix D provides additional information on key privacy risk management practices.
CYBERSECURITY AND PRIVACY RISK MANAGEMENT
Since its release in 2014, the Cybersecurity Framework has helped organizations to communicate and manage cybersecurity risk. While managing cybersecurity risk contributes to managing privacy risk, it is not sufficient, as privacy risks can also arise by means unrelated to cybersecurity incidents, as illustrated by Figure 2.
Having a general understanding of the different origins of cybersecurity and privacy risks is important for determining the most effective solutions to address the risks.
CYBERSECURITY RISKS
associated with cybersecurity incidents arising from loss of confidentiality, integrity, or availability
cybersecurity-related privacy events