Strategic Management is the first high level necessary task to implement proactive privacy management through the following 3 subtasks: - ANSWER-
(1) Define Privacy Vision and Privacy Mission Statement
(2) Develop Privacy Strategy
(3) Structure Privacy Team

Strategic management of privacy starts by creating or updating the organization vision and mission statement based on privacy best practices that should include: - ANSWER-
(1) Develop vision and mission statement objectives
(2) Define privacy program scope
(3) Identify legal and regulatory compliance challenges
(4) Identify organization personal information legal requirements

Define Privacy Program Scope - ANSWER-
i) Identify & Understand Legal and Regulatory Compliance Challenges
ii) Identify the Data Impacted
* Understand Global Perspective
* Customize Approach
* Be Aware of Laws, Regulations, Processes, Procedures
* Monitor Legal Compliance Factors

Questions to Ask When Determining Privacy Requirements (Legal) - ANSWER-
- Who collects, uses, maintains Personal Information
- What are the types of Personal Information
- What are the legal requirements for the PI
- Where is the PI stored
- How is the PI collected
- Why is the PI collected

Steps to Developing a Privacy Strategy (5) - ANSWER-
i) ID Stakeholders and Internal Partnerships
ii) Leverage Key Functions
iii) Create a Process for Interfacing
iv) Develop a Data Governance Strategy
v) *Conduct a Privacy Workshop

What is a Privacy Program Framework? - ANSWER- Implementation roadmap that provides structure or checklists to guide privacy professionals through management and prompts for details to determine privacy relevant decisions.

Popular Frameworks (6) - ANSWER-
APEC Privacy - regional data transfers
PIPEDA (Canada) & AIPP (Australian)
OECD
Privacy by Design
US Government

Steps to Develop Privacy Policies, Standards, Guidelines (4) - ANSWER-
i) Assessment of Business Case
ii) Gap Analysis
iii) Review & Monitor
iv) Communicate

Business Case - ANSWER- Defines individual program needs and way to meet specific goals.
- Org Privacy Guidance
- Define Privacy
- Laws/Regs
- Technical Controls
- External Privacy Orgs
- Frameworks
- Privacy Enhancing Tech (PETs)
- Education/Awareness
- Program Assurance

What are the 4 Parts of the Privacy Operational Life Cycle - ANSWER-
i) Assess
ii) Protect
iii) Sustain
iv) Respond

5 Maturity Levels of the AICPA/CICA Privacy Maturity Model? - ANSWER-
i) Ad Hoc - Procedures informal, incomplete, inconsistently applied (not written)
ii) Repeatable - Procedures exist, partially documented, don't cover all areas
iii) Defined - All documented, implemented, cover all relevant aspects
iv) Managed - Reviews conducted assess effectiveness of controls
v) Optimized - Regular reviews and feedback to ensure continuous improvements.

Privacy Assessment Approach (Key Areas) - ANSWER-
i) Internal Audit & Risk Management
ii) Information Tech & IT Operations/Development
iii) Information Security
iv) HR/Ethics
v) Legal/Contracts
vi) Process/3rd Party Vendors
vii) Marketing/Sales
viii) Government Relations
ix) Accounting/Finance

11 Principles of the Data Life Cycle Management Model - ANSWER-
i) Enterprise Objectives
ii) Minimalism
iii) Simplicity of Procedures & Training
iv) Adequacy of Infrastructure
v) Information Security
vi) Authenticity and Accuracy of Records
vii) Retrievability
viii) Distribution Controls
ix) Auditability
x) Consistency of Policies
xi) Enforcement

What is CIA & AA - ANSWER-
Confidentiality
Integrity
Availability
Accountability
Assurance

What is the difference between positive & negative controls? - ANSWER-
Positive - Enable privacy and business practices (win/win)
Negative - Enable privacy but constrain business (win/lose)

What are the 3 high level security roles? - ANSWER-
i) Executive
ii) Functional
iii) Corollary

What are the 7 foundation principles of Privacy by Design? - ANSWER-
i) Proactive not Reactive; Preventative not Remedial
ii) Privacy as Default Setting
iii) Privacy Embedded into Design
iv) Full Functionality
v) End to End Security (Throughout Lifecycle)
vi) Visibility and Transparency
vii) Respect for User Privacy

3 keys to Sustainment? - ANSWER-
i) Monitor
ii) Audit
iii) Communicate

4 keys to Response? - ANSWER-
i) Information Requests
ii) Legal Compliance
iii) Incident Response Planning
iv) Incident Handling

Proactive privacy management is accomplished through three tasks - ANSWER-
1) Define your organization's privacy vision and privacy mission statements
2) Develop privacy strategy
3) Structure your privacy team

This is needed to structure responsibilities with business goals - ANSWER- Strategic Management

Strategic Management model - ANSWER- Identifies alignment to organizational vision and defines the privacy leaders for an organization, along with the resources necessary to execute the vision.

Privacy professional - ANSWER- Member of the privacy team who may be responsible for privacy program framework development, management and reporting within an organization

Strategic management of privacy starts by - ANSWER- creating or updating the company's vision and mission statement based on privacy best practice

Privacy best practices - ANSWER-
1) Identify organization PI legal requirements
2) Develop V&M statement objectives
3) Identify legal & regulatory compliance challenges
4) Define privacy program scope

Vision or mission statement - ANSWER- This key factor lays the groundwork for the rest of the privacy program elements and is typically comprised of a short sentence or two that describe the purpose and ideas in less than 30 seconds.

Strategic management - ANSWER- Is the first high level task necessary to implement proactive privacy management.

How do you create a company's: Privacy Vision? - ANSWER-
(1) Acquire knowledge on privacy approaches
(2) Evaluate the intended objective
(3) Gain executive sponsor approval for this Privacy Vision

How do you establish a Privacy Program? - ANSWER-
(1) Define program scope and charter
(2) Identify the sources, types, and uses of Personal Information (PI) within the org. and the applicable laws
(3) Develop a Privacy Strategy

Elements of a Privacy Strategy? - ANSWER-
(1) Business Alignment
(2) Develop a data governance strategy for personal information (collection, authorized use, access, and destruction)
(3) Plan inquiry/complaint handling procedures (customers, regulators, etc.)

Structuring the Privacy Team involves: - ANSWER-
(1) Identifying and Establishing the appropriate Governance Model for your organization (usually based on size)
(2) Responsibilities and reporting structure for Governance Model and Organization
(3) Designate a point of contact for Privacy Issues
(4) Establish/endorse the measurement of professional competency

How do you develop the Privacy Program Framework? - ANSWER-
(1) Develop organizational privacy policies, standards, and/or guidelines
(2) Define Privacy Program activities