Privacy Program Management: Chapter 2 Frameworks and Governance Flashcards

1
Q

Vision and Mission

A

Align the privacy program with the organization's broader purpose

2
Q

Privacy mission statement

A

Describes the program's purpose and ideals in just a few sentences
Should take less than 30 seconds to read

3
Q

Privacy program scope

A
  1. Identify the personal information collected and processed (the GDPR Article 30 record of processing activities)
  2. Identify the applicable privacy and data protection laws and regulations
4
Q

Privacy Strategy Value

A

The organization's approach to communicating and supporting the privacy program

Management's growing awareness of the importance of protecting personal data

5
Q

Privacy Program Governance

A
  1. Identify stakeholders and partners
  2. Establish an executive privacy team and an executive sponsor
  3. Develop best practices
  4. Conduct privacy workshops for stakeholders
  5. Keep a record of ownership and discussions
6
Q

Goals of a Privacy Framework

A
  • Help achieve compliance with laws
  • Serve as a competitive advantage
  • Support business commitment and objectives
7
Q

Common Privacy Frameworks

A
  • Fair Information Practices (FIPs): provide the basic privacy principles (rights, controls, life cycle, management)
  • Organisation for Economic Co-operation and Development (OECD) Guidelines: the most widely accepted set of principles; they underpin later laws including the GDPR
  • AICPA/CICA Generally Accepted Privacy Principles (GAPP)
  • NIST Privacy Framework: Core, Profiles, Implementation Tiers
  • Privacy by Design (PbD): proactive not reactive, privacy as the default setting, privacy embedded into design, full functionality (positive-sum, not zero-sum), end-to-end security, visibility and transparency, respect for user privacy
8
Q

Privacy team structures

A

Centralized
Local / Decentralized
Hybrid

9
Q

Org roles for privacy

A

CPO: corporate leader who owns the privacy strategy
Privacy Director / Manager: implements the strategy
Privacy Analyst: entry level, tactical work
Business Line Leader: senior management accountable for privacy within a business unit
Privacy Legal Counsel: legal experts
First Responders: support specific processes (e.g., incident handling, data subject requests)
DPO: required by GDPR Article 37 where its criteria apply
Privacy Engineer: technical implementation
Privacy Technologist: audit, risk, and compliance

10
Q

Rationalize

A

Implement a single solution that materially addresses a wide range of privacy requirements, rather than one control per law

11
Q

AICPA/CICA (GAPP) Principles

A
  1. Management of privacy (policies, procedures, accountability)
  2. Notice provided about privacy policies
  3. Choice and consent
  4. Collection only for the purposes disclosed
  5. Use, retention, and disposal limited to the stated purposes
  6. Access provided to data subjects for review and correction
  7. Disclosure to third parties only within the disclosed purpose
  8. Security for privacy
  9. Quality of data is ensured
  10. Monitoring and enforcement
12
Q

GDPR Article 37

A

A DPO must be designated where Article 37 applies (public authorities; large-scale regular and systematic monitoring; large-scale processing of special-category or criminal-conviction data); the DPO is chosen for professional qualities and expert knowledge of data protection law and practice

13
Q

GDPR Article 38

A

The DPO must report directly to the highest management level of the organization, be involved in all data protection matters, be given the resources needed, and must not be instructed in the performance of tasks or dismissed or penalised for performing them

14
Q

GDPR Article 39

A

Tasks of the DPO shall include:
- Informing and advising the organization and its employees of their GDPR obligations
- Monitoring the organization's compliance with the GDPR
- Providing advice on, and monitoring the performance of, DPIAs
- Cooperating with, and acting as the contact point for, the supervisory authority
