Building an Effective Data Privacy Program – 6 Steps from TRUSTe


Uploaded by truste, posted 24-Jul-2016


DESCRIPTION

Six practical steps to build an effective data privacy program from conducting an initial privacy risk assessment to implementing controls & ongoing maintenance. Watch the complete webinar from leading privacy experts on 6 practical steps to build a data privacy program https://info.truste.com/lp/truste/On-Demand-Webinar-Reg-Page2.html?asset=KB5XQRQG-567

TRANSCRIPT

Slide 1 – Privacy Insight Series

Building an Effective Privacy Program – Six Practical Steps

September 24, 2015

Slide 2 – Privacy Insight Series

Today’s Speakers

• Beth Sipula, CIPP/US, Senior Consultant, TRUSTe

• Paola Zeni, Director, Global Privacy, Ethics and Compliance, Symantec Corporation

Slide 3 – Privacy Insight Series

Six Practical Steps

• Framework

• Risk Mgmt

• Privacy by Design

• Incident Response

• Vendor & Third Parties

• Development and Management

Slide 4 – Privacy Insight Series

Poll Question #1 – What level on the maturity scale is your organization?

Staged Maturity Levels

• Level 1 – Initial: Process Unpredictable

• Level 2 – Managed: Process Characterized & Understood

• Level 3 – Defined: Process in Place & Proactive

• Level 4 – Quantitatively Managed: Process Measured & Controlled

• Level 5 – Optimized: Continuous Improvement

Slide 5 – Privacy Insight Series

Step 1 - Create the Framework

Create the Framework (based on the requirements for your organization)

• Analysis of regulatory/contractual requirements

• Review legislative requirements/Geos

• Develop a budget and a roadmap

• Privacy Committee/Privacy Champions

Slide 6 – Privacy Insight Series

Poll Question #2 – What team or business unit is primarily responsible for managing privacy risks in your organization?

• Legal/Compliance

• IT/Security

• Internal Audit

• Product/Development

• Other

Slide 7 – Privacy Insight Series

Step 2 - Risk Management

Develop a Risk Management Process

• Data discovery and data inventory

• Comprehensive risk assessment process

• Risk Management Committee to rank ongoing risks

• Executive sponsor and champion

Slide 8 – Privacy Insight Series

Step 3 - Privacy by Design

Build in Privacy

• PIAs

• Create tools and processes for product/development teams

• Identify risks and analysis of impacts

• Leverage existing development processes where possible

• Training

Slide 9 – Privacy Insight Series

Step 4 - Incident Response

Develop an Incident Response Plan

• Process, plan and toolkit

• RACI charts

  • Responsible/accountable/consulted/informed

• Privilege

• Crisis communications plan (internal/external)

• Test plan regularly and update

  • Tabletop exercises

  • Common scenarios

Slide 10 – Privacy Insight Series

Step 5 - Vendor and Third Party Management

Develop a Comprehensive Approach

• Understand who has access to sensitive data, purpose, access and data transfers

• Documentation

• Contractual requirements

• Partner with Procurement

Slide 11 – Privacy Insight Series

Step 6 - Program Development and Ongoing Monitoring

How do you keep moving forward once you have the basics in place?

• Monitor regulatory changes

• Establish metrics to measure your program effectiveness

• Reporting on program effectiveness

• Ongoing training and communication

  • Building privacy champions

  • Employee training

  • Privacy sensitive culture

Slide 12 – Privacy Insight Series

Key Take-Aways

Slide 13 – Privacy Insight Series

Key Take-Aways

• Start with a roadmap and implement the basics

• Manage risks

• Partner with other areas of the organization

• Utilize tools and automate whenever possible

• Prioritize training and communicate privacy

• Building blocks of a privacy centric culture

Slide 14 – Privacy Insight Series

Moving Forward

• Framework

• Risk Mgmt

• Privacy by Design

• Incident Response

• Vendor & Third Parties

• Development and Management

Slide 15 – Privacy Insight Series

Questions?

Slide 16 – Privacy Insight Series

Contacts

Beth Sipula [email protected]

Paola Zeni [email protected]

Slide 17 – Privacy Insight Series

Don’t miss the next webinar in the Series – “Top 5 Things the CISO Needs to Know about Data Privacy” on October 15th.

See http://www.truste.com/insightseries for details of future webinars and recordings.

Thank You!