Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Privacy Program Management: A Framework For Success - TRUSTe

    Hochgeladen von

    TrustArc
    111 Ansichten25 Seiten
    Watch the webinar on-demand: https://info.truste.com/privacy-program-management-framework-webinar.html Privacy Program Management is not a once-and-done activity. To be successful it requires ongoing management and a clear framework of standards and operational controls to support each phase of privacy program development. Privacy also needs to be aligned with compliance, IT, Legal and the business and form part of an organization’s broader compliance and information management objectives. Watch this on-demand webinar NOW to understand how using a privacy control framework can help set you up for success and ensure that your program is aligned with the requirements of the GDPR and other key privacy laws and regulatory frameworks: https://info.truste.com/privacy-program-management-framework-webinar.html To register for upcoming other TRUSTe Webinars (upcoming/on-demand) visit: https://www.truste.com/events/privacy-insight-webinar-schedule/

    Originaltitel

    Privacy Program Management: A Framework for Success | TRUSTe

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    Watch the webinar on-demand: https://info.truste.com/privacy-program-management-framework-webinar.html Privacy Program Management is not a once-and-done activity. To be successful it requires ongoing management and a clear framework of standards and operational controls to support each phase of privacy program development. Privacy also needs to be aligned with compliance, IT, Legal and the business and form part of an organization’s broader compliance and information management objectives. Watch this on-demand webinar NOW to understand how using a privacy control framework can help set you up for success and ensure that your program is aligned with the requirements of the GDPR and other key privacy laws and regulatory frameworks: https://info.truste.com/privacy-program-management-framework-webinar.html To register for upcoming other TRUSTe Webinars (upcoming/on-demand) visit: https://www.truste.com/events/privacy-insight-webinar-schedule/

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    111 Ansichten25 Seiten

    Privacy Program Management: A Framework For Success - TRUSTe

    Hochgeladen von

    TrustArc
    Watch the webinar on-demand: https://info.truste.com/privacy-program-management-framework-webinar.html Privacy Program Management is not a once-and-done activity. To be successful it requires ongoing management and a clear framework of standards and operational controls to support each phase of privacy program development. Privacy also needs to be aligned with compliance, IT, Legal and the business and form part of an organization’s broader compliance and information management objectives. Watch this on-demand webinar NOW to understand how using a privacy control framework can help set you up for success and ensure that your program is aligned with the requirements of the GDPR and other key privacy laws and regulatory frameworks: https://info.truste.com/privacy-program-management-framework-webinar.html To register for upcoming other TRUSTe Webinars (upcoming/on-demand) visit: https://www.truste.com/events/privacy-insight-webinar-schedule/

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 25

    Privacy Program Management: A

    Framework for Success


    March 23, 2017

    v TRUSTe Inc., 2017


    Privacy Insight Series
    v - truste.com/insightseries 1
    TRUSTe Inc., 2017
    Todays Speaker

    Hilary Wandall
    General Counsel
    Chief Data Governance Officer
    TRUSTe

    Privacy Insight Series


    v - truste.com/insightseries 2
    TRUSTe Inc., 2017
    Todays Agenda

    Welcome & Introductions


    Policy and Regulatory Origins and Developments
    Choosing a Model
    Framework for Core Program Elements
    3Ds: Design, Document & Demonstrate
    Q&A

    Privacy Insight Series


    v - truste.com/insightseries 3
    TRUSTe Inc., 2017
    Policy and Regulatory Origins and
    Developments

    v TRUSTe Inc., 2017


    Privacy Insight Series
    v - truste.com/insightseries 4
    TRUSTe Inc., 2017
    Policy and Regulatory Origins
    OECD Privacy Guidelines 1980
    Accountability Principle
    PIPEDA (Canada) 2000
    Accountability Principle
    APEC Privacy Framework 2005
    Accountability Principle
    CIPL Accountability Project 2008
    APEC CBPRs 2011
    Canada Privacy Management Program 2012
    Revised OECD Privacy Guidelines 2013
    Privacy Management Programme
    EU GDPR 2016
    Privacy Insight Series
    v - truste.com/insightseries 5
    TRUSTe Inc., 2017
    OECD Privacy Guidelines 2013
    New Part III Implementing Accountability
    Establish a Privacy Management Programme
    o Implements requirements of the Guidelines
    o Tailored based on structure, scale, sensitivity and
    volume of the operations (risk factors)
    o Safeguards implemented based on privacy risk
    assessment
    o Integrated with organizational governance and
    oversight mechanisms
    o Inquiry and incident response mechanisms
    o Update based on monitoring and periodic assessment
    Demonstrate the programme to regulators and others
    responsible for enforcement
    Privacy Insight Series
    v - truste.com/insightseries 6
    TRUSTe Inc., 2017
    EU GDPR Example Provisions
    Article 5.2
    Controllers are responsible for demonstrating compliance with
    the principles of:
    o Lawfulness, fairness and transparency
    o Purpose limitation
    o Data minimization
    o Accuracy
    o Storage limitation
    o Integrity and confidentiality
    Article 24
    Controllers are responsible for implementing organizational
    and technical measures to ensure and demonstrate that
    processing is compliant, such as policies and procedures,
    codes of conduct, or certification
    Article 39 Tasks of the DPO
    Advice, monitoring compliance, awareness, training, audits
    Privacy Insight Series
    v - truste.com/insightseries 7
    TRUSTe Inc., 2017
    Choose a Model

    v TRUSTe Inc., 2017


    Privacy Insight Series
    v - truste.com/insightseries 8
    TRUSTe Inc., 2017
    Choose a Model

    Consider organizational structure


    Where are you headquartered?
    Centralized versus distributed
    Is central coordination possible and effective?
    How do other organizational governance functions operate?
    Consider functional alignment and coordination
    Which organizational area is best suited to support sustainable
    success of the program?
    Is there a strong executive champion?
    What levels of cross-functional coordination are needed
    strategic vs. tactical?
    Consider legal requirements, ethical obligations and risk
    Legal drivers, culture toward ethical and CSR considerations
    Organizational risk tolerance
    Privacy Insight Series
    v - truste.com/insightseries 9
    TRUSTe Inc., 2017
    Aligning Organizational Governance & Oversight

    Compliance
    Ethics
    Legal CSR
    Regulatory
    Government IT
    Affairs

    Privacy

    Risk Mgmt. Data &


    Records
    Mgmt.
    Business
    Analytics

    Privacy Insight Series


    v - truste.com/insightseries 10
    TRUSTe Inc., 2017
    Aligning Organizational Governance & Oversight
    Elements of an Effective Ethics and Compliance Program
    Establish Policies, Procedures and Controls
    Exercise Effective Compliance & Ethics Oversight
    Exercise Due Diligence (third party risk)
    Communicate and Educate Employees
    Monitor and Audit for Effectiveness
    Ensure Consistent Rewards and Sanctions
    Incident Response and Prevention

    Privacy Insight Series


    v - truste.com/insightseries 11
    TRUSTe Inc., 2017
    Framework for Core Program Elements

    v TRUSTe Inc., 2017


    Privacy Insight Series
    v - truste.com/insightseries 12
    TRUSTe Inc., 2017
    Build Your Program 6 Essential Elements
    Integrated Identify stakeholders. Establish
    Governance program leadership and governance.
    Define program mission, vision and
    goals.
    Risk Identify, assess and classify data-
    Build Assessment related strategic, operational, legal
    Establish, maintain compliance and financial risks.
    and evolve an Resource Establish budgets. Define roles and
    integrated privacy Allocation responsibilities. Assign competent
    and data governance personnel.
    program aligned with
    Policies & Develop policies, procedures and
    other data
    Standards guidelines to define and deploy
    management and effective and sustainable governance
    information risk and controls for managing data-
    functions such as related risks.
    security, IP, trade
    secret protection and Processes Establish, manage, measure and
    e-discovery continually improve processes for
    PIAs, vendor assessments, incident
    management and breach notification,
    Learn and Evolve Over Time complaint handling and individual
    rights management.
    Awareness & Communicate expectations. Provide
    Training general & contextual training.
    Privacy Insight Series
    v - truste.com/insightseries 13
    TRUSTe Inc., 2017
    Demonstrate Your Program 2 Core Standards

    Demonstrate
    Demonstrate program
    and practices
    Monitoring & Evaluate and audit effectiveness of
    compliance, maturity,
    Assurance controls and risk mitigation initiatives.
    responsibility and
    value to Reporting & Demonstrate the value and
    organizational Certification effectiveness of your program and
    leadership, regulators, controls to customers, employees,
    customers, other management, the board of directors,
    stakeholders through regulators and the public.
    monitoring,
    assurance, reporting
    and certification

    Learn and Evolve Over Time

    Privacy Insight Series


    v - truste.com/insightseries 14
    TRUSTe Inc., 2017
    3Ds: Design, Document, Demonstrate

    v TRUSTe Inc., 2017


    Privacy Insight Series
    v - truste.com/insightseries 15
    TRUSTe Inc., 2017
    Tools to Build and Demonstrate Your Program

    Supported by the TRUSTe Data Privacy Management Platform

    Privacy Insight Series


    v - truste.com/insightseries 16
    TRUSTe Inc., 2017
    Privacy & Data Governance Program Assessment

    Privacy Insight Series


    v - truste.com/insightseries 17
    TRUSTe Inc., 2017
    Privacy & Data Governance Program Assessment

    Privacy Insight Series


    v - truste.com/insightseries 18
    TRUSTe Inc., 2017
    Privacy & Data Governance Program Assessment

    Privacy Insight Series


    v - truste.com/insightseries 19
    TRUSTe Inc., 2017
    Privacy & Data Governance Program Assessment

    Privacy Insight Series


    v - truste.com/insightseries 20
    TRUSTe Inc., 2017
    Privacy & Data Governance Program Assessment

    Privacy Insight Series


    v - truste.com/insightseries 21
    TRUSTe Inc., 2017
    Questions?

    v TRUSTe Inc., 2017


    Privacy Insight Series
    v - truste.com/insightseries 22
    TRUSTe Inc., 2017
    Contact:
    Hilary Wandall
    hilary@truste.com

    v TRUSTe Inc., 2017


    Privacy Insight Series
    v - truste.com/insightseries 23
    TRUSTe Inc., 2017
    Thank You!
    Register now for the next webinar in our 2017 Winter/Spring Webinar Series
    on April 13, 2017 Swiss-US Privacy Shield Rollout: What to Expect
    https://info.truste.com/swiss-us-privacy-shield-rollout-webinar.html

    See http://www.truste.com/insightseries for the 2017 Privacy Insight Series


    and past webinar recordings.

    v TRUSTe Inc., 2017


    Privacy Insight Series
    v - truste.com/insightseries 24
    TRUSTe Inc., 2017
    Thank You!
    Register now for the next webinar in our 2017 Winter/Spring Webinar Series
    on April 27, 2017 ROI of Privacy: Building a Case for Investment
    https://info.truste.com/roi-of-privacy-webinar.html

    See http://www.truste.com/insightseries for the 2017 Privacy Insight Series


    and past webinar recordings.

    v TRUSTe Inc., 2017


    Privacy Insight Series
    v - truste.com/insightseries 25
    TRUSTe Inc., 2017

    Das könnte Ihnen auch gefallen