Privacy Program Manager Introduction

1. Overview:

   1. Responsible to prove to the organization that it has the proper controls to demonstrate to regulators that the organization handles personal data responsibly.

      1. Promote consumer trust and confidence

      2. Maintain the reputation of the organization.

      3. Facilitates privacy program awareness

      4. Respond effectively to privacy breaches.

      5. Continually monitor, maintain, and improve the privacy program.

      6. SPecifics

         1. Improve staff

         2. Develop monitoring, impact assessments,

         3. Privacy Audits

         4. Cross border data transfers

         5. Web Certification seals

         6. Collaborate with IT, Security, and

   2. Where do privacy pros sit?

      1. Mature Organization: throughout the ranks, HR, IT, marketing, and sales

      2. Immature Organization: In the middle of the org

   3. What is PPM:

      1. Combining of disciplines into a framework that allows an organization to meet legal compliance requirements and the expectations of business clients.

         1. GDPR

         2. CCPA

         3. Other privacy regulations

      2. Why?

         1. Reduce threat vector for Data Breach

2. Accountability

   1. Having proper policies and procedures in place - prove accountability

   2. Organization takes care of data throughout the data lifecycle.

   3. How do policies help?

      1. Allows organizations to meet guidance on their own terms.

3. Beyond Law and Compliance

   1. Very critical to show customer trust

   2. Fines and fees from regulators are bad, but not nearly as bad as other.

   3. Mature privacy program to maint brand reputation.

4. Why have a privacy program?

   1. Reduce lawsuit risks.

   2. Meet compliance requirements.

   3. Meet consumer expectations/enhance trust.

   4. Reduce risk of data breach.

5. Privacy Across the organization.

   1. Functional groups must understand

      1. How they impact privacy

      2. The privacy requirements themselves.

   2. Functional/Large Org

      1. Marketing will have a privacy rep to sign off all marketing materials after privacy review

      2. HR will have a privacy rep to ensure that privacy is okay with HR regcords

      3. Enforcement

         1. Enforcement done at the functional level, not after the fact

         2. HR Policies have to be reviewed by a privacy rep

         3. Technical Infrastructure must pass a privacy impact assessment

   3. Learning and Development Group

      1. Manages activities related to employee training

      2. Makes policies and procedures relatable to teachable content

   4. Communication Group

      1. Sends out privacy related information to all employees.

   5. Information Security Group

      1. More closely aligned to the privacy group

      2. Implements privacy controls for GDPR

         1. DLP

         2. Encryption

         3. Security Controls

         4. Role based access

   6. IT Group

      1. Adds Processes and controls to support and enhance privacy

      2. Creates role based access controls and other controls to better protect sensitive information.

   7. Internal Audit Group

      1. Independent Group

      2. Assesses whether controls in place to protect personal data are effective

   8. Procurement

      1. Contracts are in place with proper language for service providers that process personal information.

      2. Data controllers must ensure that the protection requirements are fulfilled.

6. Awareness, Alignment, and Involvement

   1. Priv Mgr creates the program but it takes an organization to implement.

   2. Priv Mgr is the conductor, while the organization is the symphony.

   3. Priv Mgr needs to be proactive in driving the organization.

7. Summary

   1. PM work for everyday consumers and fellow employees, not just investors and regulators.