
Building an Effective Data Privacy Program – 6 Steps from TRUSTe



Six practical steps to build an effective data privacy program, from conducting an initial privacy risk assessment to implementing controls and ongoing maintenance.
Watch the complete webinar from leading privacy experts on 6 practical steps to build a data privacy program.

Published in: Technology


  1. Privacy Insight Series: Building an Effective Privacy Program – Six Practical Steps. September 24, 2015
  2. Today’s Speakers
     • Beth Sipula, CIPP/US, Senior Consultant, TRUSTe
     • Paola Zeni, Director Global Privacy, Ethics and Compliance, Symantec Corporation
  3. Six Practical Steps
     • Framework
     • Risk Mgmt
     • Privacy by Design
     • Incident Response
     • Vendor & Third Parties
     • Development and Management
  4. Poll Question #1 – What level on the maturity scale is your organization?
     Staged Maturity Levels:
     • Level 1 Initial
     • Level 2 Managed
     • Level 3 Defined
     • Level 4 Quantitatively Managed
     • Level 5 Optimized
     Process in Place & Proactive; Process Unpredictable; Process Measured & Controlled; Process Characterized & Understood; Continuous Improvement
  5. Step 1 - Create the Framework
     Create the Framework (based on the requirements for your organization)
     • Analysis of regulatory/contractual requirements
     • Review legislative requirements/Geos
     • Develop a budget and a roadmap
     • Privacy Committee/Privacy Champions
  6. Poll Question #2 – What team or business unit is primarily responsible for managing privacy risks in your organization?
     • Legal/Compliance
     • IT/Security
     • Internal Audit
     • Product/Development
     • Other
  7. Step 2 - Risk Management
     Develop a Risk Management Process
     • Data discovery and data inventory
     • Comprehensive risk assessment process
     • Risk Management Committee to rank ongoing risks
     • Executive sponsor and champion
  8. Step 3 - Privacy by Design
     Build in Privacy
     • PIAs
     • Create tools and processes for product/development teams
     • Identify risks and analysis of impacts
     • Leverage existing development processes where possible
     • Training
  9. Incident Response
     Develop an Incident Response Plan
     • Process, plan and toolkit
     • RACI charts
     • Responsible/accountable/consulted/informed
     • Privilege
     • Crisis communications plan (internal/external)
     • Test plan regularly and update
     • Tabletop exercises
     • Common scenarios
  10. Step 5 - Vendor and Third Party Management
     Develop a Comprehensive Approach
     • Understand who has access to sensitive data, purpose, access and data transfers
     • Documentation
     • Contractual requirements
     • Partner with Procurement
  11. Step 6 - Program Development and Ongoing Monitoring
     How do you keep moving forward once you have the basics in place?
     • Monitor regulatory changes
     • Establish metrics to measure your program effectiveness
     • Reporting on program effectiveness
     • Ongoing training and communication
     • Building privacy champions
     • Employee training
     • Privacy sensitive culture
  12. Key Take-Aways
  13. Key Take-Aways
     • Start with a roadmap and implement the basics
     • Manage risks
     • Partner with other areas of the organization
     • Utilize tools and automate whenever possible
     • Prioritize training and communicate privacy
     • Building blocks of a privacy centric culture
  14. Moving Forward
     • Framework
     • Risk Mgmt
     • Privacy by Design
     • Incident Response
     • Vendor & Third Parties
     • Development and Management
  15. Questions?
  16. Contacts: Beth Sipula, Paola Zeni
  17. Don’t miss the next webinar in the Series – “Top 5 Things the CISO Needs to Know about Data Privacy” on October 15th. See for details of future webinars and recordings. Thank You!