If personal information is to be used or disclosed for a secondary purpose not previously identified, is consent required?
Very generic, asks for a Yes/No, does not encourage analysis
Risk Scenario Analysis (4): Simplified Analysis Table
Columns: R# | Risk Scenario | I | L | R | Privacy SG# | Safeguards (Existing and Recommended) | R
R#: PR22
Risk Scenario: Consent is not obtained in all cases. Persons who make inquiries by telephone or by regular mail may not formally consent to having personal information stored in a repository, or may not understand that their contact information will be retained following satisfaction of their inquiry. Their consent may be viewed as implicit.
I: M
L: H
R: M-H
Safeguards (Existing and Recommended):
R-PSGP112 User Agreements
R-PSP201 Business Manual
R-PSP250 Business Liaison with ATIP
P-PSP251 Consistent notices and forms
R-PSP252 Consent procedures
P-PSA500 Periodic audits by ATIP office
XXX Item
R: L
Recipe Recap: Get the right information at the right time
Lifecycle Alignment and Integration:
Set up your project to get privacy requirements and solutions at the right time
Risk Analysis Process Integration:
Align your privacy and security risk management processes
PIA Analysis Improvement
Formalize and harmonize privacy risk analysis with other risk analysis processes