270 likes | 412 Views
Six practical steps to build an effective data privacy program from conducting an initial privacy risk assessment to implementing controls & ongoing maintenance.<br>Watch the complete webinar from leading privacy experts on 6 practical steps to build a data privacy program https://info.truste.com/lp/truste/On-Demand-Webinar-Reg-Page2.html?asset=KB5XQRQG-567
E N D
Building an Effective Privacy Program – Six Practical Steps September 24, 2015 v v Privacy Insight Series 1
Today’s Speakers Beth Sipula, CIPP/US Senior Consultant, TRUSTe Paola Zeni Director Global Privacy, Ethics and Compliance Symantec Corporation v Privacy Insight Series 2
Six Practical Steps Framework Development and Management Risk Mgmt Vendor & Third Parties Privacy by Design Incident Response v Privacy Insight Series 3
Poll Question #1 – What level on the maturity scale is your organization? Staged Maturity Levels Level 5 Optimized Process Measured & Controlled Process Characterized & Understood Level 4 Quantitatively Managed Level 3 Defined Process in Place & Proactive Continuous Improvement Level 2 Managed Process Unpredictable Level 1 Initial v Privacy Insight Series 4
Step 1 - Create the Framework Create the Framework (based on the requirements for your organization) • Analysis of regulatory/contractual requirements • Review legislative requirements/Geos • Develop a budget and a roadmap • Privacy Committee/Privacy Champions v Privacy Insight Series 5
Poll Question #2 What team or business unit is primarily responsible for managing privacy risks in your organization? • Legal/Compliance • IT/Security • Internal Audit • Product/Development • Other v Privacy Insight Series 6
Step 2 - Risk Management Develop a Risk Management Process • Data discovery and data inventory • Comprehensive risk assessment process • Risk Management Committee to rank ongoing risks • Executive sponsor and champion v Privacy Insight Series 7
Step 3 - Privacy by Design Build in Privacy • PIAs • Create tools and processes for product/development teams • Identify risks and analysis of impacts • Leverage existing development processes where possible • Training v Privacy Insight Series 8
Incident Response Develop an Incident Response Plan • Process, plan and toolkit • RACI charts • Responsible/accountable/consulted/informed • Privilege • Crisis communications plan (internal/external) • Test plan regularly and update • Tabletop exercises • Common scenarios v Privacy Insight Series 9
Step 5 - Vendor and Third Party Management Develop a Comprehensive Approach • Understand who has access to sensitive data, purpose, access and data transfers • Documentation • Contractual requirements • Partner with Procurement v Privacy Insight Series 10
Step 6 - Program Development and Ongoing Monitoring How do you keep moving forward once you have the basics in place? • Monitor regulatory changes • Establish metrics to measure your program effectiveness • Reporting on program effectiveness • Ongoing training and communication • Building privacy champions • Employee training • Privacy sensitive culture v Privacy Insight Series 11
Key Take-Aways v v Privacy Insight Series 12
Key Take-Aways • Start with a roadmap and implement the basics • Manage risks • Partner with other areas of the organization • Utilize tools and automate whenever possible • Prioritize training and communicate privacy • Building blocks of a privacy centric culture v Privacy Insight Series 13
Moving Forward Framework Development and Management Risk Mgmt Vendor & Third Parties Privacy by Design Incident Response v Privacy Insight Series 14
Questions? v v Privacy Insight Series 15
Contacts Beth Sipula Paola Zeni bsipula@truste.com paola.zeni@veritas.com v v Privacy Insight Series 16
Thank You! Don’t miss the next webinar in the Series –“ Top 5 Things the CISO Needs to Know about Data Privacy” on October 15th See http://www.truste.com/insightseries for details of future webinars and recordings. v v Privacy Insight Series 17