Module 2 - Privacy Governance Flashcards
What is Privacy Governance?
- It is foundational to a Privacy Program
- Privacy Governance is a component that guides the privacy function towards compliance and supports the organization’s broader goals.
- It consists of:
a) Privacy vision/mission statement
b) Scope/Charter of the privacy program
c) Privacy framework
d) Privacy strategy
e) Structuring the privacy team.
What’s the difference between mission and vision?
Mission = what we do, who we do it for, and how we do it differently or better
Vision = Description of what we believe or want to achieve.
What are the key components of a privacy strategy?
- Business alignment - how does privacy enhance the business goals? Includes the budget.
- Data governance of personal information - applicable laws, data lifecycle.
- Inquiry/complaint handling procedures - training individuals, using technology to respond efficiently.
Where should privacy program sit within an organization?
It depends.
Which department has the most influence?
Who has the budget?
Who is the strongest supporter of privacy?
What’s the difference between a Privacy Strategy and a Privacy Framework?
Privacy Program Strategy (PPS) is the “why?” - Why is privacy important to the organization.
Privacy Program Framework (PPF) is the “what?” - i.e. what form or structure will the privacy program take?
PPF - provides the implementation roadmap. Provides a benchmark to measure program. Includes policies and procedures. E.g. ISO 27001.
What does the Privacy Program Framework include?
- Organizational policies
- Standards and guidelines
- Program activities
What are the different types of PPF?
- Principles and standards - e.g. OECD data protection principles, AICPA Generally Accepted Privacy Principles (GAPP), ETSI 3GPP, ISO 27001
- Laws, regulations and programs - PIPEDA, Australian Privacy Principles, GDPR, LGPD, HIPAA, BCR
- Privacy program management solutions - NIST Privacy Engineering and Risk Management
What is the privacy policy life cycle?
- Draft
- Get approval
- Disseminate & socialize
- Train
- Review & Revise
What are the different kinds of privacy governance model within an organization?
- Centralized
- Localized/decentralized
- Hybrid
What are the factors that determine what kind of privacy governance model an organization adopts?
- Organizational Structure
- Existing governance model
- Privacy team’s position and authority
- Program maturity
- Senior leadership and stakeholder involvement
- Internal partnerships