Privacy Advisory Service
•Als PPTX, PDF herunterladen•
1 gefällt mir•109 views
Learn how our Advisory Services team guides customers through two critical processes. The first is the process of assessing where you are today and the second is the process of building a stronger privacy program for tomorrow customized to your organization.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie Privacy Advisory Service
Ähnlich wie Privacy Advisory Service (20)
Mehr von Iron Mountain
Mehr von Iron Mountain (9)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Privacy Advisory Service
- 1. Assess for Today. Build for Tomorrow. ©2019 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated in the U.S. and other countries. All other trademarks and registered trademarks are the property of their respective owners. IRON MOUNTAIN ® PRIVACY ADVISORY SERVICE
- 2. WHY IS PRIVACY SO HOT RIGHT NOW? 2 REGULATORY CHANGES ARTIFICIAL INTELLIGENCE THIRD PARTY PROCESSING & DATA SHARING BIOMETRICSMOBILE WORKFORCE DATA BREACHES
- 3. GDPR WAS JUST THE BEGINNING… All 50 U.S. states have breach notification laws California Consumer Privacy Act (CPPA) Membership includes U.S., Mexico, Canada, Japan, South Korea; others working to join include Australia, Chinese Taipei, and the Philippines Proposed changes to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) Data protection and privacy for all individuals within the EU and the European Economic Area (EEA) Updates effective February 2018 affect the Australian Privacy Principles under the Privacy Act 1988
- 4. THE COST OF NON-COMPLIANCE $5.47 MILLION $14 MILLION $3.86 MILLION $2.8 MILLION Average cost of a data breach2 The cost of non- compliance – 2.7x more!1 A company’s average spend on compliance1 Average cost of losing <1% of customers from a breach2 1. Ponemon Institute, “Cost of a Data Breach Study”, 2017 2. Ponemon Institute, “Cost of a Data Breach Study”, July 2018
- 5. Constantly changing laws and complex regulations DATA PRIVACY MANAGEMENT IS KEY But there are challenges… Data proliferation has made it too complex to manage it manually Lack resources to fulfill increasing subject rights requests Unclear how you perform compared to your peers
- 6. WHAT IF YOU COULD… 6 1 2 3 4 Identify where personal and sensitive data is located so it can be classified and properly managed throughout its lifecycle? Benchmark your privacy program against your peers and understand where gaps exist? Receive tailored guidance on how to prioritize and address your most pressing challenges? Work with privacy specialists to help you build a stronger privacy program customized to your organization?
- 7. IRON MOUNTAIN ® PRIVACY ADVISORY SERVICE Accelerating your journey to advanced data privacy management Benchmark Measure against peers Compare Attestation Document compliance Collect Evidence Privacy Impact (PIAs/DPIAs) Evaluate risks Identify Requirements Personal Data Classification Locate and protect data Subject Rights Requests Create process Assess current state Build future-proof program Build Program RefineIdentify Protect & Manage Compliance Scorecard Gap Analysis Roadmap Mitigate Risks
- 8. IRON MOUNTAIN FOR DATA PRIVACY MANAGEMENT Legal Compliance Expertise + Technology Solutions EXPERTISE BEST PRACTICES TECHNOLOGY • 65+ years protecting customer data • Specialty experience in data mapping, classification, and retention • Comprehensive support to mitigate risks and achieve compliance Iron Mountain® Privacy Advisory Service • Tools and templates that accelerate assessments • Software to streamline manual processes • Recommended technology solutions
- 9. ASSESSING WHERE YOU ARE TODAY 9 Benchmark • Compare to peers/industry standards • Identify strengths and gaps • Prioritize improvements • Customized report and roadmap - Validate existing programs - Align resources with priorities - Accelerate progress • Customized assessment • Document compliance • Solidify direction • Compliance scorecard • Updated roadmap - Prioritize gaps and align resources - Establish annual reviews Privacy Impact (PIAs/DPIAs) • Evaluate applicable laws • Identify question • Evaluate risks • Custom impact assessment report - Understanding of GDPR impact - Proactively mitigate risks We provide a customized roadmap for improvement based on your current state Client Outcomes Attestation
- 10. BUILD A STRONGER PROGRAM FOR THE FUTURE 10 • Identify and locate personal data • Protect what needs protecting • Delete redundant, obsolete, or trivial data • Complete report on analysis - End-to-end visibility of data privacy needs - Improve protection - Free up storage - Reduce complexity and risk • Identify requirements • Define and document procedures • Recommend and implement technology • Train staff Personal Data Classification service Subject Rights Request Management Planning Client Outcomes - Confidently handle subject rights requests - Streamline request process - Trained staff Better manage and protect data while satisfying requests for information
- 11. IRON MOUNTAIN SERVICE OFFERINGS FOR THE FULL LIFECYCLE OF SENSITIVE DATA 11 Destroy data in with regulations governing information destruction Have paper documents scanned and indexed, with metadata applied, for easy data retrieval Know Your Retention and Privacy Obligations. Show Compliance. Secure and protect your valuable information you plan to retain Policy Center Solution A cloud-based service that helps keep your records retention and data privacy policy management connected, current and compliant • Expert Advisory Services team support • Create a unified view of personal data and related obligations • Continuously updated online portal • Easily distribute policy to key stakeholders Iron Cloud™ and Secure Storage Services Shredding and Secure e-Waste and IT Asset Disposition Services Document Imaging Services
- 12. EMPOWERING OUR CLIENTS WITH ENTERPRISE DATA PRIVACY MANAGEMENT 12 Respond swiftly to audits Reduce exposure of data to breaches Streamline data protection Model industry best practices Create a culture of ethics and compliance Make stronger, data-driven decisions Lower the risk of fines Leverage technology
- 13. Reach out to our Advisory Services team to conduct a complimentary benchmark assessment and learn how your privacy program compares to your peers IT’S EASY AND FREE TO GET STARTED 13
- 14. Thank you ©2019 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated in the U.S. and other countries. All other trademarks and registered trademarks are the property of their respective owners.
Hinweis der Redaktion
- Hello and welcome! I’m looking forward to sharing the benefits of our Iron Mountain® Privacy Advisory Service, and why now, more than ever, having a strong data privacy management practice is critical for your business.
- Let’s talk first about why privacy is such a hot topic today. There are a lot of complex trends influencing the focus on privacy from every level of business, from IT and cybersecurity, to partners, to employees, and of course, government and industry regulations. Examples of privacy concerns include the obvious malicious events like cyberattacks or even accidental data breaches – we’ve all seen the headlines and know how damaging these can be to your reputation and the bottom line. Meanwhile, your workforce is mobile. Even if they regularly work in the office, they utilize phones, tablets, and laptops to access sensitive data that is often sensitive. What happens when those devices are compromised or lost, or not correctly managed? Pushing the frontier of AI and biometrics also means pushing the boundaries of privacy. What must we be careful about when leveraging personal information for commercial, marketing, or predictive analytics purposes? Business is rarely done alone. We all rely on third parties to get the job done, which can include processing and sharing personal data. How do you ensure alignment with these entities and that they comply with all necessary regulations? And speaking of regulations, this is at the forefront for so many companies today. It’s no easy task proving compliance with the ever-changing, ever-evolving industry and government regulations around the globe. [DETAILS ON NEXT SLIDE]
- GDPR created a huge shift in how businesses must treat personal information. And that shift is still rippling through the global economy, as additional regions strive to augment or define their own privacy rules. This has created a web of complexity that can be hard to navigate, and damaging if mismanaged. [MORE INFORMATION ABOUT REGIONAL PRIVACY ACTS] Proposed changes to Canada’s PIPEDA Source: https://www.ourcommons.ca/DocumentViewer/en/42-1/ETHI/report-12/ US – New York, Colorado, California California Comparison https://adexchanger.com/privacy/how-the-california-consumer-privacy-act-stacks-up-against-gdpr/ http://www.govtech.com/policy/The-Battle-Over-California-Privacy-Ballot-Initiative-Looms-Large-in-2018.html https://www.caprivacy.org/about APEC https://www.apec.org/Groups/Committee-on-Trade-and-Investment/Electronic-Commerce-Steering-Group, Singapore https://www.huntonprivacyblog.com/2018/03/08/singapore-joins-the-apec-cbpr-and-prp-systems/ Croatian Privacy Law -- https://iapp.org/news/a/croatian-gdpr-implementation-law-main-features-and-unanswered-questions/ Asia / Cayman Islands / Australia / Mexico / China
- Regardless of your organization’s size or industry, the cost of compliance has increased during the past six years and is expected to continue to rise. But the cost of non-compliance far outweighs the cost of compliance, averaging 2.71 times more expensive [PONEMON STUDY 2017]. The cost of non-compliance is primarily attributed to the disruption to business, loss of productivity, revenue loss, and resulting fines and penalties. Data breaches alone can be extremely harmful, with the average cost hovering around 3.8 million dollars. What’s harder to measure is the impact to your brand and reputation. How many customers lose your trust and in turn, you lose their business? Even a small loss of less than 1% of your customer base can result in millions lost.
- What’s the answer? Data privacy management is the key to protecting your customers and your business and minimizing the chance of a costly breach. But this is no easy task. Like we’ve already discussed, the path to protecting data is fraught with challenges, like: Constantly evolving regulations The overall growth of data and the complexities of managing it Not understanding best practices or how your peers are (or are not) successful And you often lack the resources in-house to manage your data privacy effectively and efficiently – or to satisfy new “data subject rights” requests from your customers and users
- Let’s imagine the future. What would it mean to your business and your ability to manage data privacy if you could: Benchmark your privacy program against your peers and understand where gaps exist? Receive tailored guidance on how to prioritize and address your most pressing challenges? Work with privacy specialists to help build a stronger privacy program customized to your organization? Identify where personal and sensitive data is located so it can be classified and properly managed throughout its lifecycle? Turns out this future is possible, with Iron Mountain.
- To help you, the leader in information management and governance with 65+ years of experience protecting customers’ digital and physical information brings you the Iron Mountain® Privacy Advisory service. This service is designed to assess your current state of data privacy management capabilities, and then create a roadmap to build a program for privacy management that will stand the test of time - all on an accelerated timeline and driven by privacy experts. Our Advisory Services team guides you through two critical processes. The first is the process of assessing where you’re at and the second is the process of building a stronger privacy program customized to your organization. Through high-level and in-depth assessments, you’ll know where you benchmark against peers, and have documentation of your organization’s privacy compliance activities and risks to personal data. You’ll receive a strategic roadmap with practical guidance and support to build a program for identifying where sensitive personal data is located so you can either protect or delete it, managing subject rights requests, and augmenting your staff as needed.
- What makes Iron Mountain unique with our Privacy Advisory service offering is the strong combination of expertise, best practices and processes, and technology. Our Advisory Services team, with privacy specialists in areas such as data mapping, classification, and retention, provides you with comprehensive support to mitigate risks associated with personal data and achieve privacy compliance. Our heritage of data protection and deep experience with privacy management has enabled us to develop best practices and processes that have helped many customers create successful data privacy programs. Through this service, you’ll be provided with comprehensive support to mitigate risks associated with personal data, and achieve privacy compliance. With years of experience providing holistic information governance solutions, the Advisory Services team includes over 100 skilled legal researchers and attorneys, records managers, library and information scientists, and experts in electronic content management with practice areas in most industries. And we have the know-how to leverage best-in-class technologies to automate and streamline manual, error-prone processes that will otherwise never scale the way you need them to in order to tackle the challenges you face today.
- Let’s take a closer look at how you can assess where you are today. We help you assess your current program through a number of approaches and techniques, starting with a benchmark review that compares your privacy program against your peers and industry standards. We then identify strengths, and more importantly, your gaps, and start constructing a roadmap that will help you address them quickly based on your biggest priorities. We can also help with a customized attestation assessment, where we can help you document evidence of your organization’s compliance with relevant jurisdictional and industry-specific privacy requirements and best practices to manage and protect personal data effectively. Critical gaps here are also identified and we help you prioritize your efforts based on risk, business needs, and resources, so you can close those gaps as quickly as possible. As you assess your current state, we can also support you with privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) under the EU General Data Protection Regulation (GDPR). First, you’ll be guided through an assessment to evaluate whether or not a PIA/DPIA is recommended or required. You’ll work together with our Advisory Services team to leverage customizable PIA/DPIA templates to include questions relevant to your organization. You’ll receive an output report summarizing the final PIA/DPIA with completed responses and noted decision making criteria, including legal grounds for processing personal data.
- Here’s where the rubber starts meeting the road and we begin constructing a program for you that will meet your needs today as well as into the future. Your program will also account for any new processes you need to build to satisfy requests for information, as is a requirement for GDPR data subject rights requests. As part of helping you build a stronger privacy program for the future, we have a number of technology tools we utilize to automate the process of identifying and locating personal data throughout your organization. You’ll receive reporting on results from the file analysis, including what types of data where found in your systems, where the data is located and whether or not the data complies with your retention and privacy policies. We can then bring data under protection that requires it, and also take the opportunity to “clean house” by deleting redundant, obsolete, or otherwise unneeded data that only serves to take up storage space, add to your complexity, and increase your risk. We can also support you as you develop or enhance your processes to manage requests made by individuals to exercise their subject rights under privacy regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CaCPA), including informing, correcting and restricting their personal data. Privacy specialists on our Advisory Services team can help manage, refine and build out processes to manage requests based on your organization’s maturity of systems and processes, risk profile and volume of subject rights requests. You’ll work together with Advisory Services to define and document procedures and workflows for evaluating, processing and managing subject rights requests in a way that makes sense for your organization. Advisory Services can recommend and implement appropriate technology such as data mapping, collection or anonymization software that may be needed to support your organization in fulfilling subject rights requests. Advisory Services can provide training on the processes and procedures for employees who will be managing subject rights requests.
- Iron Mountain has a number of related services that allow you to address every aspect of privacy data management from cloud and offsite storage, to imaging, to secure disposal. In addition, our Policy Center solution, a comprehensive cloud-based service, helps you stay on top of your records retention and data privacy obligations, giving you what you need to maintain and prove compliance.
- The Iron Mountain® Privacy Advisory service empowers clients with the enterprise data privacy management they need. With our service, you will be able to: Make better, data-driven decisions for customers and for the business Respond quickly and accurately to audits Reduce the risk and exposure of data to possible breaches of all types Lower the risk of non-compliance and in turn, the likelihood of fines Streamline your capabilities to protect data by automated manual processes and reducing the chance for errors Smartly leverage technology so you can manage more data, more effectively, with fewer resources, and scale to the levels demanded by the business Have the confidence that you are modeling your processes after proven best practices for your industry And ultimately, create the needed culture of ethics and compliance that helps make it all possible
- Ready to learn more? It’s easy, and turns out FREE, to get started. If you’re ready to take the next step towards excellence in data privacy management, we’ll connect you to our advisory services team for a complimentary benchmark assessment. This assessment will provide the insights you need to understand how you compare to your peers based on industry best practices.