How do we build a privacy program?

Guest Author asked 2 years ago

1 Answer
Rebecca Kappel (Staff) answered 2 years ago
Privacy programs are often viewed as a subcategory of cybersecurity programs, but in reality, they are two areas that overlap considerably. For example, privacy laws such as the General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) are geared specifically toward privacy and touch on cybersecurity where necessary.

The goal of a privacy program is to protect the organization and its consumers from the mishandling of personal information.

To meet privacy requirements, you will need to answer these questions:

  • What personal data do we handle?
  • Where is that data stored?
  • Where and how is that data processed?
  • Do third-party vendors have access to personal data?
  • What permissions do they have?
  • Is consumer data treated in a way that is expected and agreed to by the consumer?
  • Were consumers notified of our policies for data privacy and handling?

How to Build a Privacy Program:

Scope:

Identify and understand which data protection laws and regulations your organization’s privacy program and policies will align with. You may need to study industry-specific or mandated laws that apply to your company and how your current enterprise data privacy policies align with the regulated standards. 

Data Inventory: 

Organize and inventory all personal information across your network. Take note of personal data that flows out of our network to third-party services. 

Privacy Strategy:

Once you have inventoried personal consumer information, you can plot out a privacy strategy that is based on a privacy framework that aligns with your organization’s data protection goals.

The NIST Privacy Framework is a good place to start. It is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.

Governance:

Oversight of the privacy program is key to the success and implementation of a privacy program. Privacy teams can be appointed to oversee and monitor the privacy program.

These steps will get you on the way to comprehensive privacy program development.
