Privacy Insight Series
Building an Effective Privacy Program: Six Practical Steps
September 24, 2015
-
Today's Speakers
Beth Sipula, CIPP/US
Senior Consultant, TRUSTe
Paola Zeni
Director
Global Privacy, Ethics and Compliance
Symantec Corporation
-
Six Practical Steps
Framework
Risk Mgmt
Privacy by Design
Incident Response
Vendor & Third Parties
Development and Management
-
Poll Question #1: What level on the maturity scale is your organization?
Staged Maturity Levels
Level 1 - Initial: process unpredictable
Level 2 - Managed: process characterized & understood
Level 3 - Defined: process in place & proactive
Level 4 - Quantitatively Managed: process measured & controlled
Level 5 - Optimized: continuous improvement
-
Step 1 - Create the Framework
Create the Framework (based on the requirements for your organization)
Analysis of regulatory/contractual requirements
Review legislative requirements for each geography you operate in
Develop a budget and a roadmap
Privacy Committee/Privacy Champions
-
Poll Question #2
What team or business unit is primarily responsible for managing privacy risks in your organization?
Legal/Compliance
IT/Security
Internal Audit
Product/Development
Other
-
Step 2 - Risk Management
Develop a Risk Management Process
Data discovery and data inventory
Comprehensive risk assessment process
Risk Management Committee to rank ongoing risks
Executive sponsor and champion
-
Step 3 - Privacy by Design
Build in Privacy
PIAs
Create tools and processes for product/development teams
Identify risks and analysis of impacts
Leverage existing development processes where possible
Training
-
Step 4 - Incident Response
Develop an Incident Response Plan
Process, plan and toolkit
RACI charts (Responsible / Accountable / Consulted / Informed)
Privilege
Crisis communications plan (internal/external)
Test plan regularly and update
Tabletop exercises
Common scenarios
-
Step 5 - Vendor and Third Party Management
Develop a Comprehensive Approach
Understand who has access to sensitive data, for what purpose, how it is accessed, and where it is transferred
Documentation
Contractual requirements
Partner with Procurement
-
Step 6 - Program Development and Ongoing Monitoring
How do you keep moving forward once you have the basics in place?
Monitor regulatory changes
Establish metrics to measure your program effectiveness
Reporting on program effectiveness
Ongoing training and communication
Building privacy champions
Employee training
Privacy sensitive culture
-
Key Take-Aways
Start with a roadmap and implement the basics
Manage risks
Partner with other areas of the organization
Utilize tools and automate whenever possible
Prioritize training and communicate privacy
Building blocks of a privacy centric culture
-
Moving Forward
Framework
Risk Mgmt
Privacy by Design
Incident Response
Vendor & Third Parties
Development and Management
-
Questions?
-
Contacts
Beth Sipula [email protected]
Paola Zeni [email protected]
-
Don't miss the next webinar in the Series: "Top 5 Things the CISO Needs to Know about Data Privacy" on October 15th.
See http://www.truste.com/insightseries for details of future webinars and recordings.
Thank You!