How do we build a privacy program?

Guest Author asked 2 years ago

1 Answer
Rebecca Kappel (Staff) answered 2 years ago
Privacy programs are often viewed as a subcategory of cybersecurity programs, but in reality, they are two areas that overlap considerably. For example, privacy laws such as the General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) are geared specifically toward privacy and touch on cybersecurity where necessary.

The goal of a privacy program is to protect the organization and its consumers from the mishandling of personal information.

To meet privacy requirements, you will need to answer these questions:

  • What personal data do we handle?
  • Where is that data stored?
  • Where and how is that data processed?
  • Do third-party vendors have access to personal data?
  • What permissions do they have?
  • Is consumer data treated in a way that is expected and agreed to by the consumer?
  • Were consumers notified of our policies for data privacy and handling?

How to Build a Privacy Program:

Identify and understand which data protection laws and regulations your organization’s privacy program and policies will align with. You may need to study industry-specific or mandated laws that apply to your company and how your current enterprise data privacy policies align with the regulated standards.

Data Inventory: 

Organize and inventory all personal information across your network. Take note of personal data that flows out of your network to third-party services.

Privacy Strategy:

Once you have inventoried personal consumer information, you can plot out a privacy strategy that is based on a privacy framework that aligns with your organization’s data protection goals.

The NIST Privacy Framework is a good place to start. It is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.

Oversight of the privacy program is key to the success and implementation of a privacy program. Privacy teams can be appointed to oversee and monitor the privacy program.

These steps will get you on the way to comprehensive privacy program development.