SlideShare ist ein Scribd-Unternehmen logo

Privacy Frameworks: The Foundation for Every Privacy Program

TrustArc
TrustArc

The webinar discussed privacy frameworks and how they provide the foundation for effective privacy programs. It introduced the TrustArc-Nymity Privacy & Data Governance Framework and explained how it is based on international standards. The framework takes an accountability-based approach and can be used to map activities to various regulatory requirements to demonstrate compliance. It also described how organizations can use the framework to build out the components of a comprehensive privacy program.

Technologie
1 von 27
Downloaden Sie, um offline zu lesen
Thank you for joining the webinar Privacy Frameworks: The Foundation of Every Privacy Program 1 ● We will be starting a couple minutes after the hour ● This webinar will be recorded and the recording and slides sent out later today ● Please use the GoToWebinar control panel on the right hand side to submit any questions for the speakers
© 2019 TrustArc Inc Proprietary and Confidential Information © 2020 TrustArc Inc Proprietary and Confidential Information Privacy Frameworks: The Foundation for Every Privacy Program TrustArc Privacy Insight Series Webinar April 15, 2020 2
Speakers Joanne Furtsch CIPP/C, CIPP/US, CIPT, FIP Director, Privacy Intelligence Development TrustArc 3 Paul Breitbarth LL.M Director, EU Policy & Strategy TrustArc Meaghan McCluskey LL.B., CIPP/US/E, CIPM Director of Research TrustArc
Agenda 4 ● Introducing the TrustArc-Nymity Privacy & Data Governance Framework ● The value of using a privacy framework as the backbone of your privacy program ● Using the TrustArc Framework in combination with international standards ● Q&A
Polling Question Are you using a framework as the basis of your privacy program? ● Nymity Privacy Management Accountability Framework ● TrustArc Privacy & Data Governance Framework ● ISO. NIST, or other external framework ● Own developed framework or guiding principles ● None 5
© 2019 TrustArc Inc Proprietary and Confidential Information Introducing the TrustArc-Nymity Privacy & Data Governance Framework
7
8
The Framework Standards 9
The Framework Standards 10
The Framework Standards 11
12
13
Privacy Management Categories 14 Maintain Governance Structure ◼︎ ◼︎ Maintain Personal Data Inventory and Data Transfer Mechanism ◼︎ ◼︎ ◼︎ Maintain Internal Data Privacy Policy ◼︎ ◼︎ ◼︎ Embed Data Privacy Into Operations ◼︎ ◼︎ Maintain Training and Awareness Program ◼︎ ◼︎ Manage Information Security Risk ◼︎ ◼︎ ◼︎ Manage Third Party Risk ◼︎ ◼︎ ◼︎ Maintain Notices ◼︎ ◼︎ Respond to Requests and Complaints from Individuals ◼︎ ◼︎ ◼︎ Monitor for New Operational Practices ◼︎ ◼︎ Maintain Data Privacy Breach Management Program ◼︎ ◼︎ ◼︎ Monitor Data Handling Practices ◼︎ Track External Criteria ◼︎ ◼︎ Build ◼︎ Implement ◼︎ Demonstrate
15
© 2019 TrustArc Inc Proprietary and Confidential Information Building Your Privacy Program using a Framework
Accountability Based Approach 17 Leverage existing activities to comply with many laws and evidence of accountability to demonstrate compliance ONE ACCOUNTABLE PRIVACY PROGRAM Evidence of Privacy Management Activities or Controls exists throughout the organization (within the privacy program as well as operations); evidence is collected in a centralized repository, structured in a line with the Privacy Management Categories or Standards. MANY REGULATORY REQUIREMENTS Evidence of accountability is mapped to requirements allowing the organization to demonstrate compliance with laws and regulations on-demand, supported by evidence.
Framework Mapping to International Standards 18 GDPR, CCPA, LGPD and NIST Compared – but there are many more… Accountability Compliance Privacy Management Categories EU GDPR California CCPA Brazil LGPD NIST 1 Maintain Governance Structure ◼︎◼︎ X X X 2 Maintain Personal Data Inventory ◼︎◼︎◼︎ X X X X 3 Maintain Data Privacy Policy ◼︎◼︎◼︎ X X X X 4 Embed Data Privacy into Operations ◼︎◼︎ X X X X 5 Maintain Training and Awareness Program ◼︎◼︎ X X X X 6 Manage Information Security Risk ◼︎◼︎◼︎ X X X 7 Manage Third-Party Risk ◼︎◼︎◼︎ X X X X 8 Maintain Notices ◼︎◼︎ X X X X 9 Maintain Procedures for Inquiries and Complaints ◼︎◼︎◼︎ X X X X 10 Monitor for New Operational Practices ◼︎◼︎ X X X 11 Maintain a Data Privacy Breach Management Program ◼︎◼︎◼︎ X X X X 12 Monitor Data Handling Practices ◼︎ X X X 13 Track External Criteria ◼︎ X X
Mapping to External Standards 19
Getting Started with a Framework-based Program 20 Updated version available soon
Framework to GDPR 21 Accountability Annotation Technical or Organisational Measures Example Accountability Mechanisms Example Evidence Article 13 - Controllers obligations to provide notice to data subjects Article 13 provides that where personal data relating to data subjects are collected, controllers must provide certain minimum information to those data subjects through an information notice. It also sets out requirements for timing of the notice and identifies when exemptions may apply. See Recitals 60-62. Maintain a data privacy notice that details the organization’s personal data handling practices This privacy management activity ensures that controllers put in place policies and procedures to ensure that the required information is provided to data subjects when their information is collected. Maintain policies/procedures for secondary uses of personal data This privacy management activity addresses having policies and procedures that define how to handle situations when the organisation wishes to use personal data beyond the primary purpose. Secondary uses of data must be disclosed in information notices under Article 13 and 14. Provide data privacy notice at all points where personal data is collected This privacy management activity addresses how an organisation provides an opportunity for data subjects to review the organisations privacy notice at the point of data collection. Data privacy notice Just in Time Data Privacy Notice Mobile Data Privacy Notice Short Form/Condensed Data Privacy Notice Translated Data Privacy Notice Privacy Notice Language for Hard Copy Forms Privacy Notice Signage Privacy Notice in Marketing Communications Privacy Notice in Contracts and Terms Scripts for Providing Notice via Phone Copy of the information notice provided to data subjects Documentation showing that privacy notice is aligned to legal requirements Details on the placement and timing of the notice Copies of contracts showing requirements for privacy notice language Records of training sessions with call center reps providing instruction on how to provide notice via phone
Framework to CCPA 22 Accountability Annotation Technical or Organisational Measures Example Accountability Mechanisms Example Evidence 1798.115 This section addresses the right to request, from businesses that sell or disclose personal information for business purposes, disclosure of categories of personal information that the business sold or disclosed and the categories of third parties to whom those categories of personal information were sold or disclosed in the preceding 12 months. Third parties cannot sell personal information that was sold to them from a business unless: •notice is given to consumers; and •they have an opportunity to opt out. Maintain a data privacy notice This privacy management activity ensures policies and procedures are in place for required information to be provided to consumers about sale of their personal information. Maintain and implement procedures to provide for and respond to requests for information This privacy management activity addresses the primary processes and procedures needed to ensure businesses can respond to requests in a timely and appropriate manner. Maintain and implement procedures to provide for and respond to requests to opt-out of, restrict or object to processing This privacy management activity addresses the primary processes and procedures needed to ensure consumers can opt-out of sale of their personal information upon request, in a timely and effective manner. Data privacy notice Opt-out request form Disclosure request form Procedures for responding to customer requests Template letters for responding to requests Request log Customer service mailbox Copy of the information notice provided to consumers Documentation showing that privacy notice is aligned to legal requirements Documentation that workflows for request demonstrate that procedures are being followed Random audit of files that demonstrates that templates are used in communications with requestors Documentation that customer service mailbox is tested to verify it is monitored and responded to Log tracking requests validates that timelines for responses are met Audit results that procedures are being followed
© 2019 TrustArc Inc Proprietary and Confidential Information Framework Mapping to International Standards
© 2019 TrustArc Inc Proprietary and Confidential Information Q&A
Speakers Joanne Furtsch CIPP/C, CIPP/US, CIPT, FIP Director, Privacy Intelligence Development TrustArc 25 Paul Breitbarth LL.M Director, EU Policy & Strategy TrustArc Meaghan McCluskey LL.B., CIPP/US/E, CIPM Director of Research TrustArc
Upcoming Webinars 26 Past Webinars Assessing Risk: How Organizations Can Proactively Manage Privacy Risk EMEA Quarterly Update: Two Years Later April 22, 2020 @ 12:00 EDT April 29, 2020 @ 10:00 EDT COVID-19 – What are the Potential Impacts on Data Privacy? Free Download
© 2019 TrustArc Inc Proprietary and Confidential Information Thank You! See http://www.trustarc.com/insightseries for the 2020 Privacy Insight Series and past webinar recordings. If you would like to learn more about how TrustArc can support you with compliance, please reach out to sales@trustarc.com for a free demo.

Empfohlen

Assessing Risk: How Organizations Can Proactively Manage Privacy Risk
Assessing Risk: How Organizations Can Proactively Manage Privacy RiskAssessing Risk: How Organizations Can Proactively Manage Privacy Risk
Assessing Risk: How Organizations Can Proactively Manage Privacy RiskTrustArc
 
EMEA Quarterly Update: GDPR Two Years Later
EMEA Quarterly Update: GDPR Two Years LaterEMEA Quarterly Update: GDPR Two Years Later
EMEA Quarterly Update: GDPR Two Years LaterTrustArc
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for YouTrustArc
 
Post US Election Privacy Updates & Implications
Post US Election Privacy Updates & ImplicationsPost US Election Privacy Updates & Implications
Post US Election Privacy Updates & ImplicationsTrustArc
 
Privacy 2020: Recap & Predictions
Privacy 2020: Recap & PredictionsPrivacy 2020: Recap & Predictions
Privacy 2020: Recap & PredictionsTrustArc
 
COVID-19: What are the Potential Impacts on Data Privacy?
COVID-19: What are the Potential Impacts on Data Privacy?COVID-19: What are the Potential Impacts on Data Privacy?
COVID-19: What are the Potential Impacts on Data Privacy?TrustArc
 
Third-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActThird-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActTrustArc
 
CCPA for CISOs: What You Need to Know
CCPA for CISOs: What You Need to KnowCCPA for CISOs: What You Need to Know
CCPA for CISOs: What You Need to KnowTrustArc
 

Empfohlen

Assessing Risk: How Organizations Can Proactively Manage Privacy Risk
Assessing Risk: How Organizations Can Proactively Manage Privacy RiskAssessing Risk: How Organizations Can Proactively Manage Privacy Risk
Assessing Risk: How Organizations Can Proactively Manage Privacy RiskTrustArc
 
EMEA Quarterly Update: GDPR Two Years Later
EMEA Quarterly Update: GDPR Two Years LaterEMEA Quarterly Update: GDPR Two Years Later
EMEA Quarterly Update: GDPR Two Years LaterTrustArc
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for YouTrustArc
 
Post US Election Privacy Updates & Implications
Post US Election Privacy Updates & ImplicationsPost US Election Privacy Updates & Implications
Post US Election Privacy Updates & ImplicationsTrustArc
 
Privacy 2020: Recap & Predictions
Privacy 2020: Recap & PredictionsPrivacy 2020: Recap & Predictions
Privacy 2020: Recap & PredictionsTrustArc
 
COVID-19: What are the Potential Impacts on Data Privacy?
COVID-19: What are the Potential Impacts on Data Privacy?COVID-19: What are the Potential Impacts on Data Privacy?
COVID-19: What are the Potential Impacts on Data Privacy?TrustArc
 
Third-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActThird-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActTrustArc
 
CCPA for CISOs: What You Need to Know
CCPA for CISOs: What You Need to KnowCCPA for CISOs: What You Need to Know
CCPA for CISOs: What You Need to KnowTrustArc
 
Cookie Consent Regulatory Updates: How to Maintain Compliance
Cookie Consent Regulatory Updates: How to Maintain ComplianceCookie Consent Regulatory Updates: How to Maintain Compliance
Cookie Consent Regulatory Updates: How to Maintain ComplianceTrustArc
 
How to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy RiskHow to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy RiskTrustArc
 
CCPA Update: What You Need to Know about CPRA & July 1st Enforcement
CCPA Update: What You Need to Know about CPRA & July 1st EnforcementCCPA Update: What You Need to Know about CPRA & July 1st Enforcement
CCPA Update: What You Need to Know about CPRA & July 1st EnforcementTrustArc
 
Building Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementBuilding Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementTrustArc
 
China's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 DaysChina's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 DaysTrustArc
 
LGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement actionLGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement actionTrustArc
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...TrustArc
 
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?TrustArc
 
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...TrustArc
 
2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...TrustArc
 
So Many States, So Many Privacy Laws: US State Privacy Law Update
So Many States, So Many Privacy Laws: US State Privacy Law UpdateSo Many States, So Many Privacy Laws: US State Privacy Law Update
So Many States, So Many Privacy Laws: US State Privacy Law UpdateTrustArc
 
International Data Transfer Update
International Data Transfer UpdateInternational Data Transfer Update
International Data Transfer UpdateTrustArc
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsTrustArc
 
The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand TrustArc
 
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...TrustArc
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Ulf Mattsson
 
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...TrustArc
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!Fintan Swanton
 
20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is hereRichard Hogg,Global GDPR Offerings Evangelist
 
Do You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleDo You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleUlf Mattsson
 
California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)Happiest Minds Technologies
 
Privacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social MediaPrivacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social Mediadevbhargav1
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cookie Consent Regulatory Updates: How to Maintain Compliance
Cookie Consent Regulatory Updates: How to Maintain ComplianceCookie Consent Regulatory Updates: How to Maintain Compliance
Cookie Consent Regulatory Updates: How to Maintain ComplianceTrustArc
 
How to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy RiskHow to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy RiskTrustArc
 
CCPA Update: What You Need to Know about CPRA & July 1st Enforcement
CCPA Update: What You Need to Know about CPRA & July 1st EnforcementCCPA Update: What You Need to Know about CPRA & July 1st Enforcement
CCPA Update: What You Need to Know about CPRA & July 1st EnforcementTrustArc
 
Building Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementBuilding Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementTrustArc
 
China's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 DaysChina's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 DaysTrustArc
 
LGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement actionLGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement actionTrustArc
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...TrustArc
 
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?TrustArc
 
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...TrustArc
 
2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...TrustArc
 
So Many States, So Many Privacy Laws: US State Privacy Law Update
So Many States, So Many Privacy Laws: US State Privacy Law UpdateSo Many States, So Many Privacy Laws: US State Privacy Law Update
So Many States, So Many Privacy Laws: US State Privacy Law UpdateTrustArc
 
International Data Transfer Update
International Data Transfer UpdateInternational Data Transfer Update
International Data Transfer UpdateTrustArc
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsTrustArc
 
The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand TrustArc
 
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...TrustArc
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Ulf Mattsson
 
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...TrustArc
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!Fintan Swanton
 
Do You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleDo You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleUlf Mattsson
 

Was ist angesagt? (20)

Cookie Consent Regulatory Updates: How to Maintain Compliance
Cookie Consent Regulatory Updates: How to Maintain ComplianceCookie Consent Regulatory Updates: How to Maintain Compliance
Cookie Consent Regulatory Updates: How to Maintain Compliance
 
How to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy RiskHow to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy Risk
 
CCPA Update: What You Need to Know about CPRA & July 1st Enforcement
CCPA Update: What You Need to Know about CPRA & July 1st EnforcementCCPA Update: What You Need to Know about CPRA & July 1st Enforcement
CCPA Update: What You Need to Know about CPRA & July 1st Enforcement
 
Building Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementBuilding Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR Management
 
China's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 DaysChina's PIPL: How to Comply in Under 60 Days
China's PIPL: How to Comply in Under 60 Days
 
LGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement actionLGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement action
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
 
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
 
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
 
2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2021 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
 
So Many States, So Many Privacy Laws: US State Privacy Law Update
So Many States, So Many Privacy Laws: US State Privacy Law UpdateSo Many States, So Many Privacy Laws: US State Privacy Law Update
So Many States, So Many Privacy Laws: US State Privacy Law Update
 
International Data Transfer Update
International Data Transfer UpdateInternational Data Transfer Update
International Data Transfer Update
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
 
The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand
 
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
2020 Global Privacy Survey: Emerging Trends, Benchmarking Research and Best P...
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
 
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!
 
20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here
 
Do You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleDo You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? Article
 

Ähnlich wie Privacy Frameworks: The Foundation for Every Privacy Program

Privacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social MediaPrivacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social Mediadevbhargav1
 
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015Constantine Karbaliotis
 
Wolters Kluwer GDPR Webinar 9 May 2018
Wolters Kluwer GDPR Webinar 9 May 2018 Wolters Kluwer GDPR Webinar 9 May 2018
Wolters Kluwer GDPR Webinar 9 May 2018 Jonathan Chilton
 
Members evening - data protection
Members evening - data protectionMembers evening - data protection
Members evening - data protectionMRS
 
[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to Know[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to KnowTrustArc
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesTrustArc
 
Creating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanCreating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanMediacurrent
 
2015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 050520152015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 05052015Jan Dhont
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceTrustArc
 
General Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) ComplianceGeneral Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) Complianceaccenture
 
The Event Marketer's Checklist for GDPR Compliance
The Event Marketer's Checklist for GDPR ComplianceThe Event Marketer's Checklist for GDPR Compliance
The Event Marketer's Checklist for GDPR ComplianceSplash
 
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec GroupEXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec GroupFeroot
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Delphix
 
Streamlining Document Review & Production: Pitfalls and Best Practices
Streamlining Document Review & Production: Pitfalls and Best Practices Streamlining Document Review & Production: Pitfalls and Best Practices
Streamlining Document Review & Production: Pitfalls and Best Practices Osler, Hoskin & Harcourt LLP
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
 
2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliantTrustArc
 

Ähnlich wie Privacy Frameworks: The Foundation for Every Privacy Program (20)

California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA)
 
Privacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social MediaPrivacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social Media
 
Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19 Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19
 
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015
 
Wolters Kluwer GDPR Webinar 9 May 2018
Wolters Kluwer GDPR Webinar 9 May 2018 Wolters Kluwer GDPR Webinar 9 May 2018
Wolters Kluwer GDPR Webinar 9 May 2018
 
Members evening - data protection
Members evening - data protectionMembers evening - data protection
Members evening - data protection
 
[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to Know[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to Know
 
Nymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 StatesNymity Framework: Privacy & Data Protection Update in 7 States
Nymity Framework: Privacy & Data Protection Update in 7 States
 
Creating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanCreating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout Plan
 
2015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 050520152015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 05052015
 
CBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy ComplianceCBPR - Navigating Cross-Border Data Privacy Compliance
CBPR - Navigating Cross-Border Data Privacy Compliance
 
General Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) ComplianceGeneral Data Protection Regulation (GDPR) Compliance
General Data Protection Regulation (GDPR) Compliance
 
IAPP certification programs overview
IAPP certification programs overviewIAPP certification programs overview
IAPP certification programs overview
 
The Event Marketer's Checklist for GDPR Compliance
The Event Marketer's Checklist for GDPR ComplianceThe Event Marketer's Checklist for GDPR Compliance
The Event Marketer's Checklist for GDPR Compliance
 
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec GroupEXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
 
57th ICCA Congress | 12.11.2018 | Data Protection - 150 days after GDPR
57th ICCA Congress | 12.11.2018 | Data Protection - 150 days after GDPR57th ICCA Congress | 12.11.2018 | Data Protection - 150 days after GDPR
57th ICCA Congress | 12.11.2018 | Data Protection - 150 days after GDPR
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
 
Streamlining Document Review & Production: Pitfalls and Best Practices
Streamlining Document Review & Production: Pitfalls and Best Practices Streamlining Document Review & Production: Pitfalls and Best Practices
Streamlining Document Review & Production: Pitfalls and Best Practices
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant
 

Mehr von TrustArc

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc
 
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...TrustArc
 
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...TrustArc
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfTrustArc
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...TrustArc
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsTrustArc
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsTrustArc
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...TrustArc
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdfTrustArc
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceTrustArc
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023TrustArc
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustTrustArc
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowTrustArc
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc
 

Mehr von TrustArc (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
TrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc Webinar - TrustArc's Latest AI Innovations
TrustArc Webinar - TrustArc's Latest AI Innovations
 
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
 
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data Security
 
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...
 
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...
 
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdfEverything You Need to Know about DPF But Are Afraid to Ask.pdf
Everything You Need to Know about DPF But Are Afraid to Ask.pdf
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
 
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsPrivacy Enhancing Technologies: Exploring the Benefits and Recommendations
Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy Certifications
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
 
The Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To KnowThe Cost of Privacy Teams: What Your Business Needs To Know
The Cost of Privacy Teams: What Your Business Needs To Know
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
 

Kürzlich hochgeladen

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Privacy Frameworks: The Foundation for Every Privacy Program

  • 1. Thank you for joining the webinar Privacy Frameworks: The Foundation of Every Privacy Program 1 ● We will be starting a couple minutes after the hour ● This webinar will be recorded and the recording and slides sent out later today ● Please use the GoToWebinar control panel on the right hand side to submit any questions for the speakers
  • 2. © 2019 TrustArc Inc Proprietary and Confidential Information © 2020 TrustArc Inc Proprietary and Confidential Information Privacy Frameworks: The Foundation for Every Privacy Program TrustArc Privacy Insight Series Webinar April 15, 2020 2
  • 3. Speakers Joanne Furtsch CIPP/C, CIPP/US, CIPT, FIP Director, Privacy Intelligence Development TrustArc 3 Paul Breitbarth LL.M Director, EU Policy & Strategy TrustArc Meaghan McCluskey LL.B., CIPP/US/E, CIPM Director of Research TrustArc
  • 4. Agenda 4 ● Introducing the TrustArc-Nymity Privacy & Data Governance Framework ● The value of using a privacy framework as the backbone of your privacy program ● Using the TrustArc Framework in combination with international standards ● Q&A
  • 5. Polling Question Are you using a framework as the basis of your privacy program? ● Nymity Privacy Management Accountability Framework ● TrustArc Privacy & Data Governance Framework ● ISO. NIST, or other external framework ● Own developed framework or guiding principles ● None 5
  • 6. © 2019 TrustArc Inc Proprietary and Confidential Information Introducing the TrustArc-Nymity Privacy & Data Governance Framework
  • 7. 7
  • 8. 8
  • 12. 12
  • 13. 13
  • 14. Privacy Management Categories 14 Maintain Governance Structure ◼︎ ◼︎ Maintain Personal Data Inventory and Data Transfer Mechanism ◼︎ ◼︎ ◼︎ Maintain Internal Data Privacy Policy ◼︎ ◼︎ ◼︎ Embed Data Privacy Into Operations ◼︎ ◼︎ Maintain Training and Awareness Program ◼︎ ◼︎ Manage Information Security Risk ◼︎ ◼︎ ◼︎ Manage Third Party Risk ◼︎ ◼︎ ◼︎ Maintain Notices ◼︎ ◼︎ Respond to Requests and Complaints from Individuals ◼︎ ◼︎ ◼︎ Monitor for New Operational Practices ◼︎ ◼︎ Maintain Data Privacy Breach Management Program ◼︎ ◼︎ ◼︎ Monitor Data Handling Practices ◼︎ Track External Criteria ◼︎ ◼︎ Build ◼︎ Implement ◼︎ Demonstrate
  • 15. 15
  • 16. © 2019 TrustArc Inc Proprietary and Confidential Information Building Your Privacy Program using a Framework
  • 17. Accountability Based Approach 17 Leverage existing activities to comply with many laws and evidence of accountability to demonstrate compliance ONE ACCOUNTABLE PRIVACY PROGRAM Evidence of Privacy Management Activities or Controls exists throughout the organization (within the privacy program as well as operations); evidence is collected in a centralized repository, structured in a line with the Privacy Management Categories or Standards. MANY REGULATORY REQUIREMENTS Evidence of accountability is mapped to requirements allowing the organization to demonstrate compliance with laws and regulations on-demand, supported by evidence.
  • 18. Framework Mapping to International Standards 18 GDPR, CCPA, LGPD and NIST Compared – but there are many more… Accountability Compliance Privacy Management Categories EU GDPR California CCPA Brazil LGPD NIST 1 Maintain Governance Structure ◼︎◼︎ X X X 2 Maintain Personal Data Inventory ◼︎◼︎◼︎ X X X X 3 Maintain Data Privacy Policy ◼︎◼︎◼︎ X X X X 4 Embed Data Privacy into Operations ◼︎◼︎ X X X X 5 Maintain Training and Awareness Program ◼︎◼︎ X X X X 6 Manage Information Security Risk ◼︎◼︎◼︎ X X X 7 Manage Third-Party Risk ◼︎◼︎◼︎ X X X X 8 Maintain Notices ◼︎◼︎ X X X X 9 Maintain Procedures for Inquiries and Complaints ◼︎◼︎◼︎ X X X X 10 Monitor for New Operational Practices ◼︎◼︎ X X X 11 Maintain a Data Privacy Breach Management Program ◼︎◼︎◼︎ X X X X 12 Monitor Data Handling Practices ◼︎ X X X 13 Track External Criteria ◼︎ X X
  • 19. Mapping to External Standards 19
  • 20. Getting Started with a Framework-based Program 20 Updated version available soon
  • 21. Framework to GDPR 21 Accountability Annotation Technical or Organisational Measures Example Accountability Mechanisms Example Evidence Article 13 - Controllers obligations to provide notice to data subjects Article 13 provides that where personal data relating to data subjects are collected, controllers must provide certain minimum information to those data subjects through an information notice. It also sets out requirements for timing of the notice and identifies when exemptions may apply. See Recitals 60-62. Maintain a data privacy notice that details the organization’s personal data handling practices This privacy management activity ensures that controllers put in place policies and procedures to ensure that the required information is provided to data subjects when their information is collected. Maintain policies/procedures for secondary uses of personal data This privacy management activity addresses having policies and procedures that define how to handle situations when the organisation wishes to use personal data beyond the primary purpose. Secondary uses of data must be disclosed in information notices under Article 13 and 14. Provide data privacy notice at all points where personal data is collected This privacy management activity addresses how an organisation provides an opportunity for data subjects to review the organisations privacy notice at the point of data collection. Data privacy notice Just in Time Data Privacy Notice Mobile Data Privacy Notice Short Form/Condensed Data Privacy Notice Translated Data Privacy Notice Privacy Notice Language for Hard Copy Forms Privacy Notice Signage Privacy Notice in Marketing Communications Privacy Notice in Contracts and Terms Scripts for Providing Notice via Phone Copy of the information notice provided to data subjects Documentation showing that privacy notice is aligned to legal requirements Details on the placement and timing of the notice Copies of contracts showing requirements for privacy notice language Records of training sessions with call center reps providing instruction on how to provide notice via phone
  • 22. Framework to CCPA 22 Accountability Annotation Technical or Organisational Measures Example Accountability Mechanisms Example Evidence 1798.115 This section addresses the right to request, from businesses that sell or disclose personal information for business purposes, disclosure of categories of personal information that the business sold or disclosed and the categories of third parties to whom those categories of personal information were sold or disclosed in the preceding 12 months. Third parties cannot sell personal information that was sold to them from a business unless: •notice is given to consumers; and •they have an opportunity to opt out. Maintain a data privacy notice This privacy management activity ensures policies and procedures are in place for required information to be provided to consumers about sale of their personal information. Maintain and implement procedures to provide for and respond to requests for information This privacy management activity addresses the primary processes and procedures needed to ensure businesses can respond to requests in a timely and appropriate manner. Maintain and implement procedures to provide for and respond to requests to opt-out of, restrict or object to processing This privacy management activity addresses the primary processes and procedures needed to ensure consumers can opt-out of sale of their personal information upon request, in a timely and effective manner. Data privacy notice Opt-out request form Disclosure request form Procedures for responding to customer requests Template letters for responding to requests Request log Customer service mailbox Copy of the information notice provided to consumers Documentation showing that privacy notice is aligned to legal requirements Documentation that workflows for request demonstrate that procedures are being followed Random audit of files that demonstrates that templates are used in communications with requestors Documentation that customer service mailbox is tested to verify it is monitored and responded to Log tracking requests validates that timelines for responses are met Audit results that procedures are being followed
  • 23. © 2019 TrustArc Inc Proprietary and Confidential Information Framework Mapping to International Standards
  • 24. © 2019 TrustArc Inc Proprietary and Confidential Information Q&A
  • 25. Speakers Joanne Furtsch CIPP/C, CIPP/US, CIPT, FIP Director, Privacy Intelligence Development TrustArc 25 Paul Breitbarth LL.M Director, EU Policy & Strategy TrustArc Meaghan McCluskey LL.B., CIPP/US/E, CIPM Director of Research TrustArc
  • 26. Upcoming Webinars 26 Past Webinars Assessing Risk: How Organizations Can Proactively Manage Privacy Risk EMEA Quarterly Update: Two Years Later April 22, 2020 @ 12:00 EDT April 29, 2020 @ 10:00 EDT COVID-19 – What are the Potential Impacts on Data Privacy? Free Download
  • 27. © 2019 TrustArc Inc Proprietary and Confidential Information Thank You! See http://www.trustarc.com/insightseries for the 2020 Privacy Insight Series and past webinar recordings. If you would like to learn more about how TrustArc can support you with compliance, please reach out to sales@trustarc.com for a free demo.