Strategic Management Flashcards
1
Q
3 sub tasks of strategic managment
A
- Create organizational privacy vision and mission statement
- Develop privacy strategy
- Structure privacy team
2
Q
I. Privacy vision and mission statement
A
- Develop vision and mission statement objectives
- Define privacy program scope -laws, data impacted
- ID legal, regulatory compliance challenges, domestic and global; inventory of PI and uses
3
Q
Privacy models
A
- Sectoral (US)
- Comprehensive (EU, Canada)
- Co-regulatory (Australia)
- Self-regulatory (US, Japan, Singapore
4
Q
Questions to determine privacy legal requirements
A
- Who collects, uses, maintains PI?
- What types of PI and what legal requirements apply?
- Where is data stored?
- When is data collected, how and why?
5
Q
6 key questions about laws
A
- Who is covered by laws?
- What type of PI is covered?
- What is required, prohibited?
- Who enforces?
- Sanctions?
- Why does the law exist?
6
Q
II. Develop privacy strategy
A
- ID stakeholders and internal partnerships, build consensus in mgt
- Leverage key functions (buy-in)
- Create process for interfacing within the organisation
- Develop data governance strategy (collection, authorised use, access, security, destruction; survey of laws; rationalise requirements)
- Privacy workshops for stakeholders
7
Q
Privacy program activities (key functions)
A
- adoption of privacy program and procedures
- development of privacy training and communications
- deployment of privacy and security enhancing controls
- contracting with management of 3Ps
- assessment of compliance
8
Q
III. Structure privacy team
A
- governance: where lodged, IT or legal?
- establish organisational model, responsibility, reporting structure
- executive privacy team: CSO, CRO, CLO, CIO, BC exec, mkting exec, rep of business
9
Q
Governance models
A
- Centralized (CPO) - efficient, direction flows from single source
- Local (decentralised) - less efficient, flat organigram, less rigid policies
- Hybrid (MNCs) - CPO for policies and regional compliance hubs