Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Metrics for Success: Quantifying the Value of the Privacy Function [Webinar Slides]

3,108 views

Published on

Watch the FULL webinar on-demand w/ these slides at this link: https://info.truste.com/quantifying-value-privacy-function-webinar.html

Privacy has traditionally been focused on avoiding risk and defined in terms of potential crises averted versus positive contribution to the bottom line. As the GDPR drives privacy closer to the Senior Management team agenda, how can you show the real value of the privacy office? What are the SMART metrics that you can use to show the totality of privacy effort and how can you track these effectively in a complex global organization?

As we look towards 2017 and the future of the privacy profession being able to better quantify, risk, level of effort, value to the organization will be essential to privacy’s ongoing upward trajectory.

Register now to watch this free on-demand webinar as we:

1. Review current best practices
2. Provide takeaways and new years’ resolutions for when you’re back at your desk

Make sure to register NOW to watch the on-demand webinar here: https://info.truste.com/quantifying-value-privacy-function-webinar.htmll

To register for upcoming other TRUSTe Webinars (upcoming/on-demand) visit: https://www.truste.com/events/privacy-insight-webinar-schedule/

Published in: Law
  • Login to see the comments

Metrics for Success: Quantifying the Value of the Privacy Function [Webinar Slides]

  1. 1. 1 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 v © TRUSTe Inc., 2016 Metrics for Success: Quantifying the Value of the Privacy Function December 8, 2016
  2. 2. 2 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 Today’s Speakers Deidre Rodriguez Director, Corporate Privacy Office Anthem, Inc Marcus Morissette Global Privacy Officer eBay Kevin Trilli, SVP Product, TRUSTe
  3. 3. 3 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 v © TRUSTe Inc., 2016 Privacy Metrics and Dashboard Kevin Trilli, SVP Product, TRUSTe
  4. 4. 4 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 • Speaker Intros • Metrics and Privacy Organization • Categories and types of Metrics • Building / establishing a Monitoring Program • Challenges and Recommendations Agenda
  5. 5. 5 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 v © TRUSTe Inc., 2016 Privacy Metrics
  6. 6. 6 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 Purposes and Categories of Metrics Target Audience Audience Purpose Privacy Officer / Privacy Manager Internal • Program development • Organizational Management Executives / BOD Internal • Communicate overall risk posture • Resource requests Auditors / Regulators External • Demonstrate program accountability and effectiveness • Transparency
  7. 7. 7 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 • Initial stage is strategy planning and development – Requires selecting and planning a set of program activities – Establish required set of resources • On-going management – Program and goal management – Resource utilization – Gaps / program maturity velocity CPO/Privacy Manager: Program Establishment, Evolution and Budgeting
  8. 8. 8 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 Example: Privacy Program Management
  9. 9. 9 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 • Inbound inquiries to privacy team (tickets/advise/projects) – % utilization • Policies under management –Reflective of external and internal laws, regs, policies  shows scope • Assets under management – Data processing applications and systems • Projects (risk assessments, PIAs, etc) – #, state, aging, response time – risk issues identified and remediated • Incidents (breach, data release, reg inquiries) – #, type and risk levels, remediation plan • All are mapped to each BU to show status across enterprise –Includes HR, IT and Marketing functional groups as needed CPO/Privacy Manager: Operational Management
  10. 10. 10 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 Example: Risk Assessment and Remediation Metrics
  11. 11. 11 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 • Privacy Program Overview / Budgeting – Program to Goal (%) – Overall Resource allocation – Budget justification • Risks – Incidents – Regulatory enquiries – Related fines/investigations (vertical) – Heat Map Executive / BOD
  12. 12. 12 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 • Derived from internal metrics/dashboard, but may need sanitizing • Have ready on-demand to demonstrate program – Ideal: Technological system of record that can grow and aggregate project/project – Maintained for data integrity • Basics: – Database of data processing assets (#, classified by risk) with metadata – Construction of key data transfers (EU, APEC) – Consumer metrics (inquiries/disputes and resolution paths) • Needs to accompanied by evidence/documentation External Reporting
  13. 13. 13 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 Example: Asset Inventory characterized by risk
  14. 14. 14 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 v © TRUSTe Inc., 2016 Where to Start
  15. 15. 15 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 • First socialize with stakeholders / execs • Determine what matters most / scope • Prioritize to get started • Assess current capabilities Starting a Monitoring Program
  16. 16. 16 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 •Document your privacy program plan to get ready –Will you need to develop emails or templates for use during monitoring (announcement emails, SharePoint sites created, who will be responsible for what) –Determine where you will store data and who will have access –Are there callouts/disclaimers that need to added to metrics? –When will metrics be produced and by whom –Stagger monitoring so that it will not create negative impact for the business –Understand any reporting/monitoring that may be done in the business that will have potential impact –Write desktop procedure for how everything will happen A-Z • Communicate across broader organization Starting a Monitoring Program
  17. 17. 17 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 v © TRUSTe Inc., 2016 Beginning to Monitor
  18. 18. 18 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 •Identify lead that will be responsible for monitoring a specific piece of work •Put everything on the calendar –Date you will start sending requests to business –Date you will analyze data –Date that you will document findings –Date you will review metrics –Date that you will release metrics –Date corrective action plans will be due –Any ongoing follow up or re-monitoring to ensure issue has been adequately addressed •Keep leadership informed of roll out and any changes to program that may impact them Beginning to Monitor
  19. 19. 19 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 v © TRUSTe Inc., 2016 Continuing to Grow Monitoring Program
  20. 20. 20 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 •Continue to monitor risks and what matters most •Identify plan to grow program –What will be monitored next and why –Doing it by risk is easiest to explain –Continue to lobby for resources to expand program •Continue to collect feedback on metrics •Document all findings and do follow up on corrective action plans –This enables you to show leadership the positive impact of your program (what were you able to find and correct) •Partner with Internal Audit •Roll up data by quarter and produce annual metrics Growing Monitoring Program
  21. 21. 21 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 v © TRUSTe Inc., 2016 Challenges and Takeaways
  22. 22. 22 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 • How to do actual job but also measure and document • Control of data sources that feed metrics • Dealing with aspects of privacy management that don’t have easy metrics Challenges
  23. 23. 23 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 v © TRUSTe Inc., 2016 Deidre Rodrigeuz Deidre.Rodriguez@anthem.com Marcus Morissette mmorissette@ebay.com Kevin Trilli ktrilli@truste.com Contacts
  24. 24. 24 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2016 v © TRUSTe Inc., 2016 Details of our 2017 Winter/Spring Webinar Series will be available shortly. See http://www.truste.com/insightseries for all the 2016 Privacy Insight Series and past webinar recordings. Thank You!

×