Privacy Program Management: Chapter 1 Intro to program management Flashcards

1
Q

What is Privacy Program Management

A

A structured approach to using frameworks and life cycle to protect PII

2
Q

Responsibilities of a Privacy Organization

A
  1. Comply with legal and regulatory requirements
  2. Meet expectations of clients or customers
  3. Prevent and mitigate privacy risks
3
Q

Framework

A

Skeletal structure needed to support program management

4
Q

Privacy Program Framework

A

Analyze applicable laws, regulations and best practices

5
Q

Privacy Governance Lifecycle

A
  1. Assess
  2. Protect
  3. Sustain
  4. Respond
6
Q

Assess (lifecycle)

A
  1. Provide steps, checklists, and processes necessary to assess gaps
  2. Compared to industry best practices, corporate policies, applicable laws/regs, and privacy framework
  3. Elements can be performed asynchronously
  4. Maturity models: AICPA/CICA Privacy Maturity Model, Generally Accepted Privacy Principles (GAPP), Privacy by Design (PbD)
7
Q

Protect (lifecycle)

A
  1. Data lifecycle, information security practices, PbD principles
  2. Embeds privacy principles and infosec management practices within the org
8
Q

Sustain (lifecycle)

A
  1. Monitoring, auditing, and communication
  2. Audit, risk, security practices for identification, mitigation and reporting of risk
9
Q

Respond (lifecycle)

A
  1. Info requests, legal compliance, incident-response planning and incident handling
  2. Reduce org risk and bolster compliance
  3. Customers, partners, vendors, employees, regulators, shareholders, and other legal entities
  4. Receive, assess, respond
10
Q

Orgs must meet privacy demands through:

A

Greater controls, processes, and procedures for information

11
Q

Frameworks define

A
  1. Problem definition
  2. Purpose
  3. Literature review
  4. Methodology
  5. Data collection
  6. Analysis
12
Q

Goals of a Privacy Program Manager

A
  • Define privacy obligations for the org
  • Identify and mitigate privacy risks
  • Identify documentation, policies, and procedures around management of personal info
  • Create, revise, and implement policies and procedures
  • Raise the data IQ of the org to drive and embed privacy-oriented culture
13
Q

Goals of a Privacy Program

A
  • Demonstrate an effective and auditable framework for compliance
  • Promote trust and confidence in data by data subjects
    - Highlight that the org takes privacy seriously
  • Respond effectively to privacy breaches and DSARs
  • Continuous monitoring, maintaining and improving the maturity of the program
14
Q

Privacy Program Manager responsibilities

A

Policies, notices, procedures, and governance
Privacy training
Incident response and investigation
Data subject requests
Communications
Privacy Controls
Privacy issues with products/services
Privacy monitoring
PIAs
Privacy staff development
Privacy data committees
PbD in product development
Vendor management
Privacy audits
Privacy metrics
Cross-border transfers
Prep for legislative change
Privacy subscriptions
Privacy travel
Redress and consumer outreach
Privacy software
Privacy certification seals
Cross functional collaboration
Internal and external reporting

15
Q

Accountable organizations

A

Orgs that have the proper policies and procedures to promote proper handling of PII

promote trust and transparency

document policies and any variations to it

16
Q

Accountable roles

A

Privacy program manager, CISO, DPO

17
Q

Why does an org need a privacy program

A

Accountability
Respect for PII
Enhance the org's brand and public trust
Meet reg obligations
Encourage ethical data processing practices
Enabling global ops, such as M&A
Preventing and mitigating data breaches
Providing competitive differentiator
Increasing the value of data
Reducing the risk of lawsuits
Being a good corporate citizen
Meeting expectations of customers and clients
Data ethics in org decisions

18
Q

How teams help with privacy

A
  • Learning & Dev: translate content into teachable info
  • Communications: publish content to web, email, posters
  • Infosec: closely aligned with privacy, ensures technical controls are in place
  • IT: enhance the effectiveness of privacy principles, especially access controls
  • Internal audit: assess whether controls are in place
  • Procurement: ensure proper vendor vetting and contracts
  • HR: employee info
  • Ethics and compliance: whistleblowing and complaints
  • Marketing and advertising: proper handling of data
  • Bus dev: good data protection can drive business
  • Finance: payment
  • Legal: regs and requirements
  • Risk: ensure privacy risks are tracked
  • Data governance: support privacy reqs
  • Product: PIA, PbD&D
19
Q

Privacy Championing

A

Privacy committee, Council
Privacy Champions
Reps for different regions