How do we build a privacy program?

Guest Author asked 1 year ago

1 Answer
Rebecca Kappel Staff answered 1 year ago
Privacy programs are often viewed as a subcategory of cybersecurity programs, but in reality, they are two areas that overlap considerably. For example, privacy laws such as the General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) are geared specifically toward privacy and touch on cybersecurity where necessary.

The goal of a privacy program is to protect the organization and its consumers from the mishandling of personal information.

To meet privacy requirements, you will need to answer these questions:

  • What personal data do we handle?
  • Where is that data stored?
  • Where and how is that data processed?
  • Do third-party vendors have access to personal data?
  • What permissions do they have?
  • Is consumer data treated in a way that is expected and agreed to by the consumer?
  • Were consumers notified of our policies for data privacy and handling?

How to Build a Privacy Program:

Scope:

Identify and understand which data protection laws and regulations your organization’s privacy program and policies will align with. You may need to study industry-specific or mandated laws that apply to your company and how your current enterprise data privacy policies align with the regulated standards.

Data Inventory:

Organize and inventory all personal information across your network. Take note of personal data that flows out of your network to third-party services.

Privacy Strategy:

Once you have inventoried personal consumer information, you can plot out a privacy strategy that is based on a privacy framework that aligns with your organization’s data protection goals.

The NIST Privacy Framework is a good place to start. It is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.

Governance:

Oversight of the privacy program is key to the success and implementation of a privacy program. Privacy teams can be appointed to oversee and monitor the privacy program.

These steps will get you on the way to comprehensive privacy program development.
