1 / 17

Building an Effective Data Privacy Program – 6 Steps from TRUSTe

Six practical steps to build an effective data privacy program from conducting an initial privacy risk assessment to implementing controls & ongoing maintenance.<br>Watch the complete webinar from leading privacy experts on 6 practical steps to build a data privacy program https://info.truste.com/lp/truste/On-Demand-Webinar-Reg-Page2.html?asset=KB5XQRQG-567

truste
Télécharger la présentation

Building an Effective Data Privacy Program – 6 Steps from TRUSTe

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Building an Effective Privacy Program – Six Practical Steps September 24, 2015 v v Privacy Insight Series 1

  2. Today’s Speakers Beth Sipula, CIPP/US Senior Consultant, TRUSTe Paola Zeni Director Global Privacy, Ethics and Compliance Symantec Corporation v Privacy Insight Series 2

  3. Six Practical Steps Framework Development and Management Risk Mgmt Vendor & Third Parties Privacy by Design Incident Response v Privacy Insight Series 3

  4. Poll Question #1 – What level on the maturity scale is your organization? Staged Maturity Levels Level 5 Optimized Process Measured & Controlled Process Characterized & Understood Level 4 Quantitatively Managed Level 3 Defined Process in Place & Proactive Continuous Improvement Level 2 Managed Process Unpredictable Level 1 Initial v Privacy Insight Series 4

  5. Step 1 - Create the Framework Create the Framework (based on the requirements for your organization) • Analysis of regulatory/contractual requirements • Review legislative requirements/Geos • Develop a budget and a roadmap • Privacy Committee/Privacy Champions v Privacy Insight Series 5

  6. Poll Question #2 What team or business unit is primarily responsible for managing privacy risks in your organization? • Legal/Compliance • IT/Security • Internal Audit • Product/Development • Other v Privacy Insight Series 6

  7. Step 2 - Risk Management Develop a Risk Management Process • Data discovery and data inventory • Comprehensive risk assessment process • Risk Management Committee to rank ongoing risks • Executive sponsor and champion v Privacy Insight Series 7

  8. Step 3 - Privacy by Design Build in Privacy • PIAs • Create tools and processes for product/development teams • Identify risks and analysis of impacts • Leverage existing development processes where possible • Training v Privacy Insight Series 8

  9. Incident Response Develop an Incident Response Plan • Process, plan and toolkit • RACI charts • Responsible/accountable/consulted/informed • Privilege • Crisis communications plan (internal/external) • Test plan regularly and update • Tabletop exercises • Common scenarios v Privacy Insight Series 9

  10. Step 5 - Vendor and Third Party Management Develop a Comprehensive Approach • Understand who has access to sensitive data, purpose, access and data transfers • Documentation • Contractual requirements • Partner with Procurement v Privacy Insight Series 10

  11. Step 6 - Program Development and Ongoing Monitoring How do you keep moving forward once you have the basics in place? • Monitor regulatory changes • Establish metrics to measure your program effectiveness • Reporting on program effectiveness • Ongoing training and communication • Building privacy champions • Employee training • Privacy sensitive culture v Privacy Insight Series 11

  12. Key Take-Aways v v Privacy Insight Series 12

  13. Key Take-Aways • Start with a roadmap and implement the basics • Manage risks • Partner with other areas of the organization • Utilize tools and automate whenever possible • Prioritize training and communicate privacy • Building blocks of a privacy centric culture v Privacy Insight Series 13

  14. Moving Forward Framework Development and Management Risk Mgmt Vendor & Third Parties Privacy by Design Incident Response v Privacy Insight Series 14

  15. Questions? v v Privacy Insight Series 15

  16. Contacts Beth Sipula Paola Zeni bsipula@truste.com paola.zeni@veritas.com v v Privacy Insight Series 16

  17. Thank You! Don’t miss the next webinar in the Series –“ Top 5 Things the CISO Needs to Know about Data Privacy” on October 15th See http://www.truste.com/insightseries for details of future webinars and recordings. v v Privacy Insight Series 17

More Related