DATA PROTECTION: An Approach To Privacy
Andrew Nooks, Symptai
• Symptai Consulting Limited is an independent IS Audit, Security &
Business Assurance firm founded in 1998.
• We are an industry leader in technology consulting services for
assurance, security, business processes, and compliance with
numerous success stories and excellent client retention rates.
Andrew A. Nooks
Director, Symptai Consulting Ltd
Member, Board of Directors, eGov Jamaica
Certs: CISA, CISSP, CISSP-ISSAP, CIPM, CSSLP, CISM, CRISC, PCIP, ISO27001, ITSM
Interests: Volleyball, Swimming, Aikido
Disclaimer
• This presentation is based on research collated from the Internet
leveraging articles from the International Association of Privacy
Professionals (IAPP), an organization of which I am a member, and its
contributors.
• I have also leveraged my own experience as an IS practitioner for over
twenty-five (25) years, thirteen (13) of which have been dedicated to
Information Security and related controls, including privacy, as well as
the knowledge and experience of the Symptai team.
Definition of Privacy
• Privacy: The right to be left alone, or freedom from interference or
intrusion.
• Information privacy: The right to have some control over how your
personal information is collected and used.
• Impact: How organizations protect data in its various states: at rest,
in transit and in use.
Why is Privacy Important?
Due to advances in technological innovation, information privacy is
becoming more complex by the minute as more data is being collected and
exchanged. As the technology gets more sophisticated, so do the uses of
data. This leaves organizations facing an incredibly complex risk matrix
for ensuring that personal information is protected.
In the News (Sources: https://www.scmagazine.com, https://iapp.org/news)
Business Risk
Inherent High Risk (sectors):
• Health
• Banking
• Insurance
• Telecoms
Legal & Compliance:
• GDPR and other Data Protection Legislation
• PCI DSS
• HIPAA
Primary Components of a Privacy Program
• Privacy Program Governance
• Privacy Operational Life-Cycle Management
Privacy Program Governance
Strategy Management:
• Vision and Mission
• Develop a strategy
• Team structure and composition
Framework:
• Frameworks
• Policies, Procedures, Standards and Guidelines
Performance:
• Metrics and measurements (Identify, Define, Select, Collect, Analyze)
Business Case:
• Organizational Privacy Office Guidance
• Define Privacy
• Laws and Regulations
• Technical Controls
• External Privacy Organizations
• Industry Frameworks
• Privacy Information Technology
• Education and Awareness
• Program Assurance
Privacy Operational Lifecycle: Assess, Protect, Sustain, Respond
Assess
Assessment Models:
• AICPA/CICA Privacy Maturity Model
• GAPP
• Privacy by Design
Assess Business:
• Data
• Systems
• Processes
Protect
Data Lifecycle Management:
• Need for DLM
• DLM Principles
Information Security Practices:
• Standards and Frameworks
Privacy by Design:
• Proactive, Default Settings
• Embedded, End2End Protection
• Transparency, Respect for Users
Analyze and Assess:
• Privacy Impact Assessments
• Risk Assessments
Sustain
Monitor:
• Compliance with Privacy Policy
• Monitor regulations and legislation
• Compliance and Risk
• Environment
Audit:
• Align Privacy operations
• Compliance with Policies and Standards
• Access, Modification, Disclosure
• Communication of Findings
Communicate:
• Awareness
• Flexibility
• Catalog and maintain documents
• Train
Respond
Information Request:
• Handling, Access
• Redress, Correction
• Integrity
Legal Compliance:
• Preventing Harm
• Accountability
• Monitoring
Incident Planning:
• Roles and Responsibility
• Integration in BCP
• Detection
Incident Handling:
• Pre-notification
• Response Plan, Plan Execution
• Reporting, Evaluation
In Summary
1. Define the privacy mission statement
2. Develop a strategy
3. Define team structure
4. Develop a framework aligned to the organization
5. Develop and communicate policies, procedures, standards and guidelines
6. Define performance metrics
7. Assess the business based on the governance model
8. Protect: DLM and Info Sec, embedding privacy in the organization
9. Conduct Risk Assessments (RA) and Privacy Impact Assessments (PIA)
10. Monitor, audit and communicate
11. Respond to requests
12. Accountability
13. Incident management
Additional Reading
• IAPP.org
• APEC.org
• ICO.gov.uk
• Priv.gc.ca
• OECD.org
Questions?
Andrew Nooks
Symptai Consulting Limited
Email: info@symptai.com

More Related Content

What's hot

Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
PECB
 
ISO 27001
ISO 27001ISO 27001
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
Imran Ahmed
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training course
Mart Rovers
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
technakama
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001
Owako Rodah
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity Audit
EC-Council
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
PECB
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
PECB
 
Practical steps to GDPR compliance
Practical steps to GDPR compliance Practical steps to GDPR compliance
Practical steps to GDPR compliance
Jean-Michel Franco
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview
Ahmed Riad .
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
Craig Willetts ISO Expert
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
 
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Eryk Budi Pratama
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Eryk Budi Pratama
 

What's hot (20)

Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training course
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification Presentation
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity Audit
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
 
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 
Practical steps to GDPR compliance
Practical steps to GDPR compliance Practical steps to GDPR compliance
Practical steps to GDPR compliance
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
 
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
 

Similar to Data Protection: An Approach to Privacy

CISM sertifikacija
CISM sertifikacijaCISM sertifikacija
CISA sertifikacija
CISA sertifikacijaCISA sertifikacija
Privacy frameworks 101
Privacy frameworks 101Privacy frameworks 101
Privacy frameworks 101
Saumya Vishnoi
 
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
IGN MANTRA
 
Ttss consulting(1)
Ttss consulting(1)Ttss consulting(1)
Ttss consulting(1)
Steven Trom
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
Elliott Franklin
 
5548 isaca for-students
5548 isaca for-students5548 isaca for-students
5548 isaca for-students
Universitas Bina Darma Palembang
 
Professional Designations IT Assurance
Professional Designations IT AssuranceProfessional Designations IT Assurance
Professional Designations IT Assurancea3virani
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
Evan Francen
 
Navigate LLC Overview
Navigate LLC OverviewNavigate LLC Overview
Navigate LLC OverviewSarah Carroll
 
Dont let governance risk and compliance be a roll of the dice | ESPC22
Dont let governance risk and compliance be a roll of the dice |  ESPC22 Dont let governance risk and compliance be a roll of the dice |  ESPC22
Dont let governance risk and compliance be a roll of the dice | ESPC22
Nikki Chapple
 
ACSPL PROFILE - FEB 2021.pptx
ACSPL PROFILE - FEB 2021.pptxACSPL PROFILE - FEB 2021.pptx
ACSPL PROFILE - FEB 2021.pptx
ShashiShetty11
 
Asis 2013 april updates
Asis 2013 april updatesAsis 2013 april updates
Asis 2013 april updatesPeggy OConnor
 
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
ssuserde23af
 
CNIT 160 Ch 4a: Information Security Programs
CNIT 160 Ch 4a: Information Security ProgramsCNIT 160 Ch 4a: Information Security Programs
CNIT 160 Ch 4a: Information Security Programs
Sam Bowne
 
CNIT 160 Ch 4a: Information Security Programs
CNIT 160 Ch 4a: Information Security ProgramsCNIT 160 Ch 4a: Information Security Programs
CNIT 160 Ch 4a: Information Security Programs
Sam Bowne
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014Paul Simidi
 
InfosecTrain_Certified_Information_Systems_Auditor_CISA_Course_Content.pdf
InfosecTrain_Certified_Information_Systems_Auditor_CISA_Course_Content.pdfInfosecTrain_Certified_Information_Systems_Auditor_CISA_Course_Content.pdf
InfosecTrain_Certified_Information_Systems_Auditor_CISA_Course_Content.pdf
priyanshamadhwal2
 
2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant
TrustArc
 

Similar to Data Protection: An Approach to Privacy (20)

CISM sertifikacija
CISM sertifikacijaCISM sertifikacija
CISM sertifikacija
 
CISA sertifikacija
CISA sertifikacijaCISA sertifikacija
CISA sertifikacija
 
Privacy frameworks 101
Privacy frameworks 101Privacy frameworks 101
Privacy frameworks 101
 
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
 
Ttss consulting(1)
Ttss consulting(1)Ttss consulting(1)
Ttss consulting(1)
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
5548 isaca for-students
5548 isaca for-students5548 isaca for-students
5548 isaca for-students
 
Professional Designations IT Assurance
Professional Designations IT AssuranceProfessional Designations IT Assurance
Professional Designations IT Assurance
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 
Navigate LLC Overview
Navigate LLC OverviewNavigate LLC Overview
Navigate LLC Overview
 
Dont let governance risk and compliance be a roll of the dice | ESPC22
Dont let governance risk and compliance be a roll of the dice |  ESPC22 Dont let governance risk and compliance be a roll of the dice |  ESPC22
Dont let governance risk and compliance be a roll of the dice | ESPC22
 
ACSPL PROFILE - FEB 2021.pptx
ACSPL PROFILE - FEB 2021.pptxACSPL PROFILE - FEB 2021.pptx
ACSPL PROFILE - FEB 2021.pptx
 
Asis 2013 april updates
Asis 2013 april updatesAsis 2013 april updates
Asis 2013 april updates
 
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
 
CNIT 160 Ch 4a: Information Security Programs
CNIT 160 Ch 4a: Information Security ProgramsCNIT 160 Ch 4a: Information Security Programs
CNIT 160 Ch 4a: Information Security Programs
 
CNIT 160 Ch 4a: Information Security Programs
CNIT 160 Ch 4a: Information Security ProgramsCNIT 160 Ch 4a: Information Security Programs
CNIT 160 Ch 4a: Information Security Programs
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014
 
Belgina ism-v3 3
Belgina ism-v3 3Belgina ism-v3 3
Belgina ism-v3 3
 
InfosecTrain_Certified_Information_Systems_Auditor_CISA_Course_Content.pdf
InfosecTrain_Certified_Information_Systems_Auditor_CISA_Course_Content.pdfInfosecTrain_Certified_Information_Systems_Auditor_CISA_Course_Content.pdf
InfosecTrain_Certified_Information_Systems_Auditor_CISA_Course_Content.pdf
 
2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant
 

More from Symptai Consulting Limited

Embracing the Risk and Opportunity of AI & Cloud.pptx
Embracing the Risk and Opportunity of AI & Cloud.pptxEmbracing the Risk and Opportunity of AI & Cloud.pptx
Embracing the Risk and Opportunity of AI & Cloud.pptx
Symptai Consulting Limited
 
Migrating to the Cloud - From Preparation to Operation copy.pdf
Migrating to the Cloud - From Preparation to Operation copy.pdfMigrating to the Cloud - From Preparation to Operation copy.pdf
Migrating to the Cloud - From Preparation to Operation copy.pdf
Symptai Consulting Limited
 
Integrated Security for Software Development and Advanced Penetration Testing...
Integrated Security for Software Development and Advanced Penetration Testing...Integrated Security for Software Development and Advanced Penetration Testing...
Integrated Security for Software Development and Advanced Penetration Testing...
Symptai Consulting Limited
 
Strengthening Caribbean Business against Cyber Attacks May 18.pdf
Strengthening Caribbean Business against Cyber Attacks May 18.pdfStrengthening Caribbean Business against Cyber Attacks May 18.pdf
Strengthening Caribbean Business against Cyber Attacks May 18.pdf
Symptai Consulting Limited
 
Keeping security relevant amid digital transformation
Keeping security relevant amid digital transformationKeeping security relevant amid digital transformation
Keeping security relevant amid digital transformation
Symptai Consulting Limited
 
Realizing the benefits of Digital Transformation
Realizing the benefits of Digital TransformationRealizing the benefits of Digital Transformation
Realizing the benefits of Digital Transformation
Symptai Consulting Limited
 
Securing Devices at Home
Securing Devices at HomeSecuring Devices at Home
Securing Devices at Home
Symptai Consulting Limited
 
Preparing your Business for the Data Protection Bill
Preparing your Business for the Data Protection BillPreparing your Business for the Data Protection Bill
Preparing your Business for the Data Protection Bill
Symptai Consulting Limited
 
Why cost optimization is the way of the future
Why cost optimization is the way of the futureWhy cost optimization is the way of the future
Why cost optimization is the way of the future
Symptai Consulting Limited
 
Best practices for PCI compliance
Best practices for PCI compliance Best practices for PCI compliance
Best practices for PCI compliance
Symptai Consulting Limited
 
The role of Technology: Battling Financial Crime
The role of Technology: Battling Financial CrimeThe role of Technology: Battling Financial Crime
The role of Technology: Battling Financial Crime
Symptai Consulting Limited
 
Data Analytics: Improving Business
Data Analytics: Improving BusinessData Analytics: Improving Business
Data Analytics: Improving Business
Symptai Consulting Limited
 
IT Audit - Evolve and Stay in the Game
IT Audit - Evolve and Stay in the GameIT Audit - Evolve and Stay in the Game
IT Audit - Evolve and Stay in the Game
Symptai Consulting Limited
 
Balancing Privacy and Digitization
Balancing Privacy and DigitizationBalancing Privacy and Digitization
Balancing Privacy and Digitization
Symptai Consulting Limited
 
Misconceptions of Business Continuity Planning
Misconceptions of Business Continuity PlanningMisconceptions of Business Continuity Planning
Misconceptions of Business Continuity Planning
Symptai Consulting Limited
 
Cyber-Attack and Security: Putting the Audit Committee on High Alert
Cyber-Attack and Security: Putting the Audit Committee on High AlertCyber-Attack and Security: Putting the Audit Committee on High Alert
Cyber-Attack and Security: Putting the Audit Committee on High Alert
Symptai Consulting Limited
 
Data mining: How it can Help Boost Effectiveness
Data mining: How it can Help Boost EffectivenessData mining: How it can Help Boost Effectiveness
Data mining: How it can Help Boost Effectiveness
Symptai Consulting Limited
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?
Symptai Consulting Limited
 
Governance: a tool for growth
Governance: a tool for growthGovernance: a tool for growth
Governance: a tool for growth
Symptai Consulting Limited
 

More from Symptai Consulting Limited (19)

Embracing the Risk and Opportunity of AI & Cloud.pptx
Embracing the Risk and Opportunity of AI & Cloud.pptxEmbracing the Risk and Opportunity of AI & Cloud.pptx
Embracing the Risk and Opportunity of AI & Cloud.pptx
 
Migrating to the Cloud - From Preparation to Operation copy.pdf
Migrating to the Cloud - From Preparation to Operation copy.pdfMigrating to the Cloud - From Preparation to Operation copy.pdf
Migrating to the Cloud - From Preparation to Operation copy.pdf
 
Integrated Security for Software Development and Advanced Penetration Testing...
Integrated Security for Software Development and Advanced Penetration Testing...Integrated Security for Software Development and Advanced Penetration Testing...
Integrated Security for Software Development and Advanced Penetration Testing...
 
Strengthening Caribbean Business against Cyber Attacks May 18.pdf
Strengthening Caribbean Business against Cyber Attacks May 18.pdfStrengthening Caribbean Business against Cyber Attacks May 18.pdf
Strengthening Caribbean Business against Cyber Attacks May 18.pdf
 
Keeping security relevant amid digital transformation
Keeping security relevant amid digital transformationKeeping security relevant amid digital transformation
Keeping security relevant amid digital transformation
 
Realizing the benefits of Digital Transformation
Realizing the benefits of Digital TransformationRealizing the benefits of Digital Transformation
Realizing the benefits of Digital Transformation
 
Securing Devices at Home
Securing Devices at HomeSecuring Devices at Home
Securing Devices at Home
 
Preparing your Business for the Data Protection Bill
Preparing your Business for the Data Protection BillPreparing your Business for the Data Protection Bill
Preparing your Business for the Data Protection Bill
 
Why cost optimization is the way of the future
Why cost optimization is the way of the futureWhy cost optimization is the way of the future
Why cost optimization is the way of the future
 
Best practices for PCI compliance
Best practices for PCI compliance Best practices for PCI compliance
Best practices for PCI compliance
 
The role of Technology: Battling Financial Crime
The role of Technology: Battling Financial CrimeThe role of Technology: Battling Financial Crime
The role of Technology: Battling Financial Crime
 
Data Analytics: Improving Business
Data Analytics: Improving BusinessData Analytics: Improving Business
Data Analytics: Improving Business
 
IT Audit - Evolve and Stay in the Game
IT Audit - Evolve and Stay in the GameIT Audit - Evolve and Stay in the Game
IT Audit - Evolve and Stay in the Game
 
Balancing Privacy and Digitization
Balancing Privacy and DigitizationBalancing Privacy and Digitization
Balancing Privacy and Digitization
 
Misconceptions of Business Continuity Planning
Misconceptions of Business Continuity PlanningMisconceptions of Business Continuity Planning
Misconceptions of Business Continuity Planning
 
Cyber-Attack and Security: Putting the Audit Committee on High Alert
Cyber-Attack and Security: Putting the Audit Committee on High AlertCyber-Attack and Security: Putting the Audit Committee on High Alert
Cyber-Attack and Security: Putting the Audit Committee on High Alert
 
Data mining: How it can Help Boost Effectiveness
Data mining: How it can Help Boost EffectivenessData mining: How it can Help Boost Effectiveness
Data mining: How it can Help Boost Effectiveness
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?
 
Governance: a tool for growth
Governance: a tool for growthGovernance: a tool for growth
Governance: a tool for growth
 

Recently uploaded

一比一原版(UofS毕业证书)萨省大学毕业证如何办理
一比一原版(UofS毕业证书)萨省大学毕业证如何办理一比一原版(UofS毕业证书)萨省大学毕业证如何办理
一比一原版(UofS毕业证书)萨省大学毕业证如何办理
v3tuleee
 
社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .
NABLAS株式会社
 
哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样
哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样
哪里卖(usq毕业证书)南昆士兰大学毕业证研究生文凭证书托福证书原版一模一样
axoqas
 
一比一原版(UniSA毕业证书)南澳大学毕业证如何办理
一比一原版(UniSA毕业证书)南澳大学毕业证如何办理一比一原版(UniSA毕业证书)南澳大学毕业证如何办理
一比一原版(UniSA毕业证书)南澳大学毕业证如何办理
slg6lamcq
 
FP Growth Algorithm and its Applications
FP Growth Algorithm and its ApplicationsFP Growth Algorithm and its Applications
FP Growth Algorithm and its Applications
MaleehaSheikh2
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP
 
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
1.Seydhcuxhxyxhccuuxuxyxyxmisolids 2019.pptx
Tiktokethiodaily
 
一比一原版(YU毕业证)约克大学毕业证成绩单
一比一原版(YU毕业证)约克大学毕业证成绩单一比一原版(YU毕业证)约克大学毕业证成绩单
一比一原版(YU毕业证)约克大学毕业证成绩单
enxupq
 
The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...The affect of service quality and online reviews on customer loyalty in the E...
The affect of service quality and online reviews on customer loyalty in the E...
jerlynmaetalle
 
Opendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptxOpendatabay - Open Data Marketplace.pptx
Opendatabay - Open Data Marketplace.pptx
Opendatabay
 
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
ewymefz
 
一比一原版(BU毕业证)波士顿大学毕业证成绩单
一比一原版(BU毕业证)波士顿大学毕业证成绩单一比一原版(BU毕业证)波士顿大学毕业证成绩单
一比一原版(BU毕业证)波士顿大学毕业证成绩单
ewymefz
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP
 
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
一比一原版(UVic毕业证)维多利亚大学毕业证成绩单
ukgaet
 
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
oz8q3jxlp
 
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Boston Institute of Analytics
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
ewymefz
 
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单一比一原版(ArtEZ毕业证)ArtEZ艺术学院毕业证成绩单
Data Protection: An Approach to Privacy

  • 9. Primary Components of a Privacy Program
    • Privacy Program Governance
    • Privacy Operational Life-Cycle Management
  • 10–12. Privacy Program Governance (built up over three slides)
    Strategy Management
    • Vision and Mission
    • Develop a strategy
    • Team structure and composition
    Framework
    • Frameworks
    • Policies, Procedures, Standards and guidelines
    Performance
    • Metrics and measurements (Identify, Define, Select, Collect, Analyze)
  • 13. Business Case
    • Organizational Privacy Office Guidance
    • Define Privacy
    • Laws and Regulations
    • Technical Controls
    • External Privacy Organizations
    • Industry Frameworks
    • Privacy Information Technology
    • Education and Awareness
    • Program Assurance
  • 15. Assess (Privacy Operational Lifecycle: Assess, Protect, Sustain, Respond)
    Assessment Models
    • AICPA/CICA Privacy Maturity Model
    • GAPP
    • Privacy by Design
    Assess
    • Business
    • Data
    • Systems
    • Processes
  • 16. Protect (Privacy Operational Lifecycle: Assess, Protect, Sustain, Respond)
    Data Lifecycle Management
    • Need for DLM
    • DLM Principles
    Information Security Practices
    • Standards and Frameworks
    Privacy by Design
    • Proactive, Default Settings
    • Embedded, End2End Protection
    • Transparency, Respect for Users
    Analyze and Assess
    • Privacy Impact Assessments
    • Risk Assessments
  • 17. Sustain (Privacy Operational Lifecycle: Assess, Protect, Sustain, Respond)
    Monitor
    • Compliance with Privacy Policy
    • Monitor regulations and legislation
    • Compliance and Risk
    • Environment
    Audit
    • Align privacy operations
    • Compliance with Policies and Standards
    • Access, Modification, Disclosure
    • Communication of Findings
    Communicate
    • Awareness
    • Flexibility
    • Catalog and maintain documents
    • Train
  • 18. Respond (Privacy Operational Lifecycle: Assess, Protect, Sustain, Respond)
    Information Request
    • Handling, Access
    • Redress, Correction
    • Integrity
    Legal Compliance
    • Preventing Harm
    • Accountability
    • Monitoring
    Incident Planning
    • Roles and Responsibility
    • Integration in BCP
    • Detection
    Incident Handling
    • Pre-notification
    • Response Plan, Plan Execution
    • Reporting, Evaluation
  • 19. In Summary
    1. Define the privacy mission statement
    2. Develop a strategy
    3. Define team structure
    4. Develop a framework aligned to the organization
    5. Develop and communicate policies, procedures, standards and guidelines
    6. Define performance metrics
    7. Assess, based on the governance model
    8. Protect: DLM and Info Sec, embedding privacy in the organization
    9. Conduct RA and PIA
    10. Monitor, audit and communicate
    11. Respond to requests
    12. Accountability
    13. Incident management
  • 20. Additional Reading
    • IAPP.org
    • APEC.org
    • ICO.gov.uk
    • Priv.gc.ca
    • OECD.org
  • 21. Questions? Andrew Nooks, Symptai Consulting Limited. Email: info@symptai.com

Editor's Notes

  1. Welcome everyone. Thank you for joining us today.
  2. Privacy Framework: an implementation roadmap that provides a structure or checklists to guide the privacy professional through privacy management and prompts them for the details needed to determine all privacy-relevant decisions of the organization.
     Strategy Management:
     • Vision and Mission (statements, scope, compliance, legal)
     • Develop a strategy: stakeholders (CISO, CRO, GLC, CIO, HRM, CMO), key functions, interfacing, data governance strategy (collection, authorized use, access, security, destruction), privacy workshop
     • Team structure: governance model (centralized, decentralized, hybrid), organizational model (CPO, privacy manager), professional competency (CIPM, CIPP, CIPT)
  3. Managing risk. A framework assists in risk management, minimizes incidents of data loss, protects reputation and market value, and aids compliance with laws, regulations and standards.
     Frameworks (Privacy by Design, Privacy Maturity Model):
     • APEC Privacy Framework: enables regional data transfers (C2B, B2B, B2G)
     • Guidance from the UK Information Commissioner's Office
     • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
     • Australian Privacy Principles
     • Organisation for Economic Co-operation and Development (OECD) Privacy Guidelines
     Framework questions:
     • Are risks defined and identified, and is there a business case?
     • Who has responsibility?
     • Are gaps in privacy management understood?
     • Is privacy management being monitored?
     • Are employees trained?
     • Are best practices for data inventory, risk assessments and privacy impact assessments in place?
     • Is there an incident response plan?
     • Is there a communication policy on privacy-related matters, and are materials updated?
     Policies, procedures, standards and guidelines: business case, gap analysis, review process and monitoring, communication to stakeholders.
  4. Performance: metrics should be measurable, meaningful, unambiguous and specific.
  5. External privacy organizations: the Data Commissioner's office. Privacy-enhancing technologies. Industry frameworks such as the AICPA Generally Accepted Privacy Principles (collection, use).
  6. Assess – measure; Protect – improve; Sustain – evaluate; Support – respond.
  7. PMM levels: ad hoc, repeatable, defined, managed, optimized. PbD: assess organizational objectives and goals (Dr. Ann Cavoukian). Support for these areas: Internal Audit and Risk Management; Information Technology (Business Continuity/DRP); Information Security (response and breach notification); Legal and Contracts (compliance, mergers, acquisitions, divestitures); processors and third-party vendors; Human Resources, marketing and business development; government relations and public policy; Finance/business controls.
  8. DLM principles: alignment with enterprise objectives; minimalism; simplify processes; provide adequate infrastructure; information security; authenticity of subjects' records; retrievability; distribution controls; auditability; consistency of policies; enforcement.