16 Cards in this Set
What are the 6 areas of Privacy Program governance?
1. Organization Level
2. Establish a privacy program.
3. Structure the privacy team.
4. Develop the Privacy Program Framework.
5. Implement the Privacy Policy Framework.
6. Metrics
What one thing do you do at the "Organizational" level of Privacy Program Governance?
Just: "Create a company vision."
How do you "Create a company vision"? Name the three actions.
1. Acquire knowledge on privacy approaches
2. Evaluate the intended objective
3. Gain executive sponsor approval for this vision
What three things do you do at the "Establish a privacy program." level of Privacy Program Governance?
i. Define program scope and charter.
ii. Identify the source, types, and uses of personal information (PI) within the organization and the applicable laws.
iii. Develop a privacy strategy.
By doing what three things do you "Develop a privacy strategy"?
1. By organizing business alignment
2. By Developing a data governance strategy for personal information (collection, authorized use, access, destruction)
3. By planning inquiry/complaint handling procedures (customers, regulators, etc.)
...but how you achieve "Business alignment" breaks into 6 more actions. What are they?
a. Finalize the operational business case for privacy.
b. Identify your stakeholders.
c. Leverage key functions.
d. Create a process for interfacing within the organization.
e. Align organizational culture and privacy/data protection objectives.
f. Obtain funding/budget for privacy and the privacy team.
How do you structure the privacy team in 4 steps?
i. Using governance models.
ii. By establishing the organizational model, responsibilities and reporting structure appropriate to the size of the organization.
iii. By designating a point of contact for privacy issues.
iv. By establishing and endorsing the measurement of professional competency.
I can't remember the governance models. Can you help me with them?
1. Centralized
2. Distributed
3. Hybrid.
In a large organization, how would you establish the organizational model, responsibilities and reporting structure?
Figure out who will be:
a. Chief privacy officer
b. Privacy manager
c. Privacy analysts
d. Business line privacy leaders
e. “First responders”
There are just a couple of things involved in developing the Privacy Program Framework. What are they?
a. Develop organizational privacy policies, standards and/or guidelines
b. Define privacy program activities
Name 8 privacy program activities.
i. Education and awareness
ii. Monitoring and responding to the regulatory environment
iii. Internal policy compliance
iv. Data inventories, data flows, and classification
v. Risk assessment (Privacy Impact Assessments [PIAs], etc.)
vi. Incident response and process, including jurisdictional regulations
vii. Remediation
viii. Program assurance, including audits
OK, what two things are involved in implementing the Privacy Policy Framework?
a. Communicate the framework to internal and external stakeholders
b. Ensure continuous alignment to applicable laws and regulations to support the development of an organizational privacy program framework
Heavens to Betsey! How do you ensure continuous alignment to applicable laws and regulations to support the development of an organizational privacy program framework? There are 8 things, Betsey. Name them.
Well, you:
i. Understand applicable national laws and regulations
ii. Understand applicable local laws and regulations.
iii. Understand penalties for noncompliance with laws and regulations
iv. Understand the scope and authority of oversight agencies (e.g., Data Protection Authorities, Privacy Commissioners, Federal Trade Commission, etc.)
v. Understand privacy implications of doing business in or with countries with inadequate, or without, privacy laws
vi. Maintain the ability to manage a global privacy function
vii. Maintain the ability to track multiple jurisdictions for changes in privacy law.
viii. Understand international data sharing arrangements/agreements.
Metrics are used to figure out where you are and where you need to be. What are four other things you need to know surrounding metrics in relation to your Privacy Program Governance?
a. Identify intended audience for metrics
b. Define reporting resources
c. Define privacy metrics for oversight and governance per audience
d. Identify systems/application collection points
What 6 defining factors would you use to quantify privacy metrics for oversight and governance per audience?
i. Compliance metrics (examples, will vary by organization)
ii. Trending
iii. Privacy program return on investment (ROI)
iv. Business resiliency metrics
v. Privacy program maturity level
vi. Resource utilization.
What are 10 activities surrounding Compliance metrics?
1. Collection (notice)
2. Responses to data subject inquiries
3. Use
4. Retention
5. Disclosure to third parties
6. Incidents (breaches, complaints, inquiries)
7. Employees trained
8. PTA metrics
9. Privacy risk indicators
10. Percent of company functions represented by governance mechanisms.