How do we build a privacy program?

How do we build a privacy program?How do we build a privacy program?
Guest Author asked 9 months ago

1 Answers
Rivky Kappel Staff answered 8 months ago
Privacy programs are often viewed as a subcategory of cybersecurity programs, but in reality, they are two areas that overlap considerably. For example, privacy laws such as the General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) are geared specifically toward privacy and touch on cybersecurity where necessary.

The goal of a privacy program is to protect the organization and its consumers from the mishandling of personal information.

To meet privacy requirements, you will need to answer these questions:

  • What personal data do we handle?
  • Where is that data stored?
  • Where and how is that data processed?
  • Do third-party vendors have access to personal data?
  • What permissions do they have?
  • Is consumer data treated in a way that is expected and agreed to by the consumer?
  • Were consumers notified of our policies for data privacy and handling?

How to Build a Privacy Program:


Identify and understand which data protection laws and regulations your organization’s privacy program and policies will align with. You may need to study industry-specific or mandated laws that apply to your company and how your current enterprise data privacy policies align with the regulated standards. 

Data Inventory: 

Organize and inventory all personal information across your network. Take note of personal data that flows out of our network to third-party services. 

Privacy Strategy:

Once you have inventoried personal consumer information, you can plot out a privacy strategy that is based on a privacy framework that aligns with your organization’s data protection goals.

The NIST Privacy Framework is a good place to start. It is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.


Oversight of the privacy program is key to the success and implementation of a privacy program. Privacy teams can be appointed to oversee and monitor the privacy program.

These steps will get you on the way to comprehensive privacy program development.

Related Content

Penetration Testing

Penetration Testing

What is Penetration Testing? Cyber penetration testing is an effective way to show that your security…
Complimentary User Entity Controls

Complimentary User Entity Controls

What Are Complimentary User Entity Controls? When you think of third-party risk management, what usually comes…
Network Security Test

Network Security Test

What is a Network Security Test? Network security tests help to discover vulnerabilities in a company’s…
Skip to content