Legal and privacy officers, senior leadership; CIO, CSO, PM, Information Systems Owner
(ISO), Information Security Officer (ISO), Others considered users and managers
Personal data should be relevant to the purpose for which they are to be used, and, to the
extent necessary for those purposes should be accurate, complete, and kept up-to-date.
Definition 3 of 301
Binding contractual obligations and reporting requirements
This is the ability to rapidly adapt and respond to business disruptions and to maintain
continuous business operations
This is one method enforcing security and accountability in how personal data is handled
by third parties
The form of Redress that is offered to the complainant should be clearly defined in what?
This is an indicator used to measure the financial gain/loss (or value) of a project in relation
to its cost
Term 4 of 301
What is a Privacy Program Framework?
A set of laws governing privacy issues.
A software tool for encrypting files.
A marketing strategy for promoting social media accounts.
Implementation roadmap that provides structure or checklists to guide privacy
professionals through management and prompts for details to determine privacy relevant
decisions.
Term 5 of 301
POLC/Assess/1.d. Data, systems, and process assessment involves:
Personal data should not be disclosed, made available or otherwise used for purposes
other than those specified, except with the consent of the data subject or by the authority
of law.
1) Know what is critical about the metric,
2) Monitor process performance with the metric,
3) Make sure the process documentation is up to date,
4) Perform regular reviews,
5) Make sure that any improvements are incorporated and maintained in the process,
6) Advocate the metric to customers, partners and others, and
7) Maintain training, documentation, and materials.
Look to the strictest standard when seeking a solution, provided it does not (1) violate any
data privacy laws, (2) exceed budgetary restrictions, or (3) contradict organization goals and
objectives.
(1) Map data inventories, flows, and classification
(2) Create "record of authority" of systems processing personal information within organization
(3) Map and document data flow in systems and applications
(4) Analyze and classify types and uses of data
Term 6 of 301
What are the 4 Parts of the Privacy Operational Life Cycle
i) Monitor
ii) Audit
iii) Communicate
i) Assess
ii) Protect
iii) Sustain
iv) Respond
Indirectly by extrapolation from other measured factors
(1) enterprise objectives
(2) minimalism
(3) simplicity of procedure and effective training
(4) adequacy of infrastructure
(5) information security
(6) authenticity and accuracy of one's own records
(7) retrievability
(8) distribution controls
(9) auditability
(10) consistency of policies
(11) enforcement
Term 7 of 301
5 Maturity Levels of the AICPA/CICA Privacy Maturity Model?
...having in place as thorough a Privacy Policy Framework as possible becomes all the more
important and should be prioritized within the organization.
(1) Understand key roles and responsibilities (ID key business stakeholders and establish incident response teams).
(2) Develop a privacy incident response plan
(3) Identify elements of the privacy incident response plan
(4) Integrate privacy incident response into business continuity planning
i) Ad Hoc - Procedures informal, incomplete, inconsistently applied (not written)
ii) Repeatable - Procedures exist, partially documented, don't cover all areas
iii) Defined - All documented, implemented, cover all relevant aspects
iv) Managed - Reviews conducted assess effectiveness of controls
v) Optimized - Regular reviews and feedback to ensure continuous improvements.
i) Enterprise Objectives
ii) Minimalism
iii) Simplicity of Procedures & Training
iv) Adequacy of Infrastructure
v) Information Security
vi) Authenticity and Accuracy of Records
vii) Retrievability
viii) Distribution Controls
ix) Auditability
x) Consistency of Policies
xi) Enforcement
Term 8 of 301
Privacy goals are specific and measurable. What is an example of a Privacy Goal?
Provide privacy notices to 100 percent of the customer base; number of privacy notices.
Increase social media followers by 50%; number of new followers.
Reduce website loading time by 20%; percentage of reduction achieved.
Conduct a survey on customer satisfaction levels; number of surveys conducted.
Stuvia is a marketplace, so you are not buying this document from us, but from seller stuuviaa. Stuvia facilitates payment to the seller.