Watch the webinar on-demand: https://info.truste.com/privacy-program-management-framework-webinar.html

Privacy Program Management is not a once-and-done activity. To be successful, it requires ongoing management and a clear framework of standards and operational controls to support each phase of privacy program development. Privacy also needs to be aligned with compliance, IT, Legal and the business, and to form part of an organization’s broader compliance and information management objectives.

Watch this on-demand webinar now to understand how using a privacy control framework can help set you up for success and ensure that your program is aligned with the requirements of the GDPR and other key privacy laws and regulatory frameworks: https://info.truste.com/privacy-program-management-framework-webinar.html

To register for other TRUSTe webinars (upcoming/on-demand), visit: https://www.truste.com/events/privacy-insight-webinar-schedule/
Privacy Insight Series • Winter / Spring 2017 Webinar Program Privacy Program Management: A Framework for Success March 23, 2017 © TRUSTe Inc., 2017 Powering Privacy Compliance and Trust
Today’s Speaker
Hilary Wandall
General Counsel, Chief Data Governance Officer, TRUSTe
Privacy Insight Series - truste.com/insightseries
Today’s Agenda
• Welcome & Introductions
• Policy and Regulatory Origins and Developments
• Choosing a Model
• Framework for Core Program Elements
• 3Ds: Design, Document & Demonstrate
• Q&A
Policy and Regulatory Origins and Developments
Policy and Regulatory Origins
• OECD Privacy Guidelines – 1980
  o Accountability Principle
• PIPEDA (Canada) – 2000
  o Accountability Principle
• APEC Privacy Framework – 2005
  o Accountability Principle
• CIPL Accountability Project – 2008
• APEC CBPRs – 2011
• Canada Privacy Management Program – 2012
• Revised OECD Privacy Guidelines – 2013
  o Privacy Management Programme
• EU GDPR – 2016
OECD Privacy Guidelines 2013
New Part III – Implementing Accountability
• Establish a Privacy Management Programme
  o Implements requirements of the Guidelines
  o Tailored based on structure, scale, sensitivity and volume of the operations (“risk factors”)
  o Safeguards implemented based on privacy risk assessment
  o Integrated with organizational governance and oversight mechanisms
  o Inquiry and incident response mechanisms
  o Update based on monitoring and periodic assessment
• Demonstrate the programme to regulators and others responsible for enforcement
EU GDPR – Example Provisions
• Article 5.2
  o Controllers are responsible for demonstrating compliance with the principles of:
    - Lawfulness, fairness and transparency
    - Purpose limitation
    - Data minimization
    - Accuracy
    - Storage limitation
    - Integrity and confidentiality
• Article 24
  o Controllers are responsible for implementing organizational and technical measures to ensure and demonstrate that processing is compliant, such as policies and procedures, codes of conduct, or certification
• Article 39 – Tasks of the DPO
  o Advice, monitoring compliance, awareness, training, audits
Choose a Model
Choose a Model
• Consider organizational structure
  o Where are you headquartered?
  o Centralized versus distributed
  o Is central coordination possible and effective?
  o How do other organizational governance functions operate?
• Consider functional alignment and coordination
  o Which organizational area is best suited to support sustainable success of the program?
  o Is there a strong executive champion?
  o What levels of cross-functional coordination are needed – strategic vs. tactical?
• Consider legal requirements, ethical obligations and risk
  o Legal drivers, culture toward ethical and CSR considerations
  o Organizational risk tolerance
Aligning Organizational Governance & Oversight
[Diagram labels: Compliance Ethics CSR Legal Regulatory Government IT Affairs Privacy Data & Risk Mgmt. Records Mgmt. Business Analytics]
Aligning Organizational Governance & Oversight
Elements of an Effective Ethics and Compliance Program
• Establish Policies, Procedures and Controls
• Exercise Effective Compliance & Ethics Oversight
• Exercise Due Diligence (third party risk)
• Communicate and Educate Employees
• Monitor and Audit for Effectiveness
• Ensure Consistent Rewards and Sanctions
• Incident Response and Prevention
Framework for Core Program Elements
Build Your Program – 6 Essential Elements
Build: Establish, maintain and evolve an integrated privacy and data governance program aligned with other data management and information risk functions such as security, IP, trade secret protection and e-discovery
Learn and Evolve Over Time
Demonstrate Your Program – 2 Core Standards
Demonstrate: Demonstrate program and practices compliance, maturity, responsibility and value to organizational leadership, regulators, customers, other stakeholders through monitoring, assurance, reporting and certification
Learn and Evolve Over Time
3Ds: Design, Document, Demonstrate
Tools to Build and Demonstrate Your Program
Supported by the TRUSTe Data Privacy Management Platform
Privacy & Data Governance Program Assessment
Questions?
Contact
Hilary Wandall
hilary@truste.com
Thank You!
See http://www.truste.com/insightseries for the 2017 Privacy Insight Series and past webinar recordings.