The goal of a privacy program is to protect the organization and its consumers from the mishandling of personal information.
To meet privacy requirements, you will need to answer these questions:
- What personal data do we handle?
- Where is that data stored?
- Where and how is that data processed?
- Do third-party vendors have access to personal data?
- What permissions do they have?
- Is consumer data treated in a way that is expected and agreed to by the consumer?
- Were consumers notified of our policies for data privacy and handling?
How to Build a Privacy Program:
Scope:
Identify and understand which data protection laws and regulations your organization’s privacy program and policies will align with. You may need to study industry-specific or mandated laws that apply to your company and how your current enterprise data privacy policies align with the regulated standards.
Data Inventory:
Organize and inventory all personal information across your network. Take note of personal data that flows out of your network to third-party services.
Privacy Strategy:
Once you have inventoried personal consumer information, you can plot out a privacy strategy that is based on a privacy framework that aligns with your organization’s data protection goals.
The NIST Privacy Framework is a good place to start. It is a voluntary tool, developed in collaboration with stakeholders, that is intended to help organizations identify and manage privacy risk so they can build innovative products and services while protecting individuals’ privacy.
Governance:
Oversight is key to the implementation and success of a privacy program. Privacy teams can be appointed to oversee and monitor the privacy program.
These steps will get you on the way to comprehensive privacy program development.