22 Cards in this Set
3 Subtasks of Strategic Management
i) Define Privacy Vision and Privacy Mission Statement
ii) Develop Privacy Strategy
iii) Structure Privacy Team

What should a privacy vision/mission statement include? (4)
i) Develop Privacy Objectives
ii) Define Scope
iii) Identify Legal & Regulatory Compliance Challenges
iv) Identify Personal Information Legal Requirements
* Be less than 30 seconds

What is the difference between a vision statement & a mission statement?
Vision - Describes purpose and ideas
Mission - What you do, What you stand for, Why

Key Steps to Define Scope (2)
i) Identify & Understand Legal and Regulatory Compliance Challenges
ii) Identify the Data Impacted
* Understand Global Perspective
* Customize Approach
* Be Aware of Laws, Regulations, Processes, Procedures
* Monitor Legal Compliance Factors

Types of Protection Models (4)
i) Sectoral (US)
ii) Comprehensive (EU, Canada, Russia)
iii) Co-Regulatory (Australia)
iv) Self-Regulated (US, Japan, Singapore)

Questions to Ask When Determining Privacy Requirements (Legal)
- Who collects, uses, maintains Personal Information
- What are the types of Personal Information
- What are the legal requirements for the PI
- Where is the PI stored
- How is the PI collected
- Why is the PI collected

Steps to Developing a Privacy Strategy (5)
i) ID Stakeholders and Internal Partnerships
ii) Leverage Key Functions
iii) Create a Process for Interfacing
iv) Develop a Data Governance Strategy
v) * Conduct a Privacy Workshop

Data Governance Models (3)
i) Centralized
ii) Local/Decentralized
iii) Hybrid

What is a Privacy Program Framework?
An implementation roadmap that provides structure or checklists to guide privacy professionals through program management, and that prompts for the details needed to make privacy-relevant decisions.

Popular Frameworks (6)
APEC Privacy - regional data transfers
PIPEDA (Canada) & AIPP (Australian)
OECD
Privacy by Design
US Government

Steps to Develop Privacy Policies, Standards, Guidelines (4)
i) Assessment of Business Case
ii) Gap Analysis
iii) Review & Monitor
iv) Communicate

Business Case
Defines individual program needs and the way to meet specific goals.
- Org Privacy Guidance
- Define Privacy
- Laws/Regs
- Technical Controls
- External Privacy Orgs
- Frameworks
- Privacy Enhancing Tech (PETs)
- Education/Awareness
- Program Assurance

What are the 4 Parts of the Privacy Operational Life Cycle?
i) Assess
ii) Protect
iii) Sustain
iv) Respond

5 Maturity Levels of the AICPA/CICA Privacy Maturity Model?
i) Ad Hoc - Procedures informal, incomplete, inconsistently applied (not written)
ii) Repeatable - Procedures exist, partially documented, don't cover all areas
iii) Defined - All documented, implemented, cover all relevant aspects
iv) Managed - Reviews conducted to assess effectiveness of controls
v) Optimized - Regular reviews and feedback to ensure continuous improvement

Privacy Assessment Approach (Key Areas)
i) Internal Audit & Risk Management
ii) Information Tech & IT Operations/Development
iii) Information Security
iv) HR/Ethics
v) Legal/Contracts
vi) Process/3rd Party Vendors
vii) Marketing/Sales
viii) Government Relations
ix) Accounting/Finance

11 Principles of the Data Life Cycle Management Model
i) Enterprise Objectives
ii) Minimalism
iii) Simplicity of Procedures & Training
iv) Adequacy of Infrastructure
v) Information Security
vi) Authenticity and Accuracy of Records
vii) Retrievability
viii) Distribution Controls
ix) Auditability
x) Consistency of Policies
xi) Enforcement

What is CIA & AA?
Confidentiality
Integrity
Availability
Accountability
Assurance

What is the difference between positive & negative controls?
Positive - Enable privacy and business practices (win/win)
Negative - Enable privacy but constrain business (win/lose)

What are the 3 high-level security roles?
i) Executive
ii) Functional
iii) Corollary

What are the 7 foundational principles of Privacy by Design?
i) Proactive not Reactive; Preventative not Remedial
ii) Privacy as the Default Setting
iii) Privacy Embedded into Design
iv) Full Functionality
v) End-to-End Security (Throughout the Lifecycle)
vi) Visibility and Transparency
vii) Respect for User Privacy

3 keys to Sustainment?
i) Monitor
ii) Audit
iii) Communicate

4 keys to Response?
i) Information Requests
ii) Legal Compliance
iii) Incident Response Planning
iv) Incident Handling