22 Cards in this Set

3 Subtasks of Strategic Management
i) Define Privacy Vision and Privacy Mission Statement
ii) Develop Privacy Strategy
iii) Structure Privacy Team
What should a privacy vision/mission statement include? (4)
i) Develop Privacy Objectives
ii) Define Scope
iii) Identify Legal & Regulatory Compliance Challenges
iv) Identify Personal Information Legal Requirements

*Be less than 30 seconds
What is the difference between a vision statement & mission statement?
Vision - Describes purpose and ideas

Mission - What you do, What you stand for, Why
Key Steps to Define Scope (2)
i) Identify & Understand Legal and Regulatory Compliance Challenges
ii) Identify the Data Impacted

*Understand Global Perspective
*Customize Approach
*Be Aware of Laws, Regulations, Processes, Procedures
*Monitor Legal Compliance Factors
Types of Protection Models (4)
i) Sectoral (US)
ii) Comprehensive (EU, Canada, Russia)
iii) Co-Regulatory (Australia)
iv) Self Regulated (US, Japan, Singapore)
Questions to Ask When Determining Privacy Requirements (Legal)
- Who collects, uses, maintains Personal Information
- What are the types of Personal Information
- What are the legal requirements for the PI
- Where is the PI stored
- How is the PI collected
- Why is the PI collected
Steps to Developing a Privacy Strategy (5)
i) ID Stakeholders and Internal Partnerships
ii) Leverage Key Functions
iii) Create a Process for Interfacing
iv) Develop a Data Governance Strategy
v) *Conduct a Privacy Workshop
Data Governance Models (3)
i) Centralized
ii) Local/Decentralized
iii) Hybrid
What is a Privacy Program Framework?
Implementation roadmap that provides structure or checklists to guide privacy professionals through program management and prompts for the details needed to make privacy-relevant decisions.
Popular Frameworks (6)
APEC Privacy - regional data transfers
PIPEDA (Canada) & AIPP (Australian)
OECD
Privacy by Design
US Government
Steps to Develop Privacy Policies, Standards, Guidelines (4)
i) Assessment of Business Case
ii) Gap Analysis
iii) Review & Monitor
iv) Communicate
Business Case
Defines individual program needs and way to meet specific goals.

- Org Privacy Guidance
- Define Privacy
- Laws/Regs
- Technical Controls
- External Privacy Orgs
- Frameworks
- Privacy Enhancing Tech (PETs)
- Education/Awareness
- Program Assurance
What are the 4 Parts of the Privacy Operational Life Cycle
i) Assess
ii) Protect
iii) Sustain
iv) Respond
5 Maturity Levels of the AICPA/CICA Privacy Maturity Model?
i) Ad Hoc - Procedures informal, incomplete, inconsistently applied (not written)
ii) Repeatable - Procedures exist, partially documented, don't cover all areas
iii) Defined - All documented, implemented, cover all relevant aspects
iv) Managed - Reviews conducted to assess effectiveness of controls
v) Optimized - Regular reviews and feedback to ensure continuous improvements.
Privacy Assessment Approach (Key Areas)
i) Internal Audit & Risk Management
ii) Information Tech & IT Operations/Development
iii) Information Security
iv) HR/Ethics
v) Legal/Contracts
vi) Process/3rd Party Vendors
vii) Marketing/Sales
viii) Government Relations
ix) Accounting/Finance
11 Principles of the Data Life Cycle Management Model
i) Enterprise Objectives
ii) Minimalism
iii) Simplicity of Procedures & Training
iv) Adequacy of Infrastructure
v) Information Security
vi) Authenticity and Accuracy of Records
vii) Retrievability
viii) Distribution Controls
ix) Auditability
x) Consistency of Policies
xi) Enforcement
What is CIA & AA
Confidentiality
Integrity
Availability

Accountability
Assurance
What is the difference between positive & negative controls?
Positive - Enable privacy and business practices (win/win)

Negative - Enable privacy but constrain business (win/lose)
What are the 3 high level security roles?
i) Executive
ii) Functional
iii) Corollary
What are the 7 foundation principles of Privacy by Design?
i) Proactive not Reactive; Preventative not Remedial
ii) Privacy as Default Setting
iii) Privacy Embedded into Design
iv) Full Functionality
v) End to End Security (Throughout Lifecycle)
vi) Visibility and Transparency
vii) Respect for User Privacy
3 keys to Sustainment?
i) Monitor
ii) Audit
iii) Communicate
4 keys to Response?
i) Information Requests
ii) Legal Compliance
iii) Incident Response Planning
iv) Incident Handling