Data Privacy Day - MaRS Best Practices
Developing talent • Growing ventures • Opening markets
Visit us at marsdd.com
Data Privacy Day: The Start-up’s Guide to Privacy
January 28th, 2016
JANUARY 2016

Agenda
1. Why invest in privacy?
2. What do I need to do?
– Understand the Legislative Landscape
– Develop a Privacy Management Program
• Accountabilities
• Risk Management
• Privacy Operations
3. Where can I get more information?
September 2014

Legislative Landscape
• Know what privacy laws apply to you and your customers:
– Business Models:
• Business to Business
• Business to Consumer
– Jurisdictions:
• Ontario
• Canada
• U.S.
• World

Develop a Privacy Management Program
[Diagram: Privacy Program, with the labels Governance and Accountability, Privacy Operations, and Privacy Risk Management]

Privacy Risk Management
• Privacy Impact Assessment
– Identify Privacy Gaps
– Mitigate Privacy Risks (Admin. & Tech.)
– Consists of:
• Authority
• Data Flow (Collection, Use and Disclosure)
• Assessment
• Marketing Tool

Governance and Accountability
• Appoint a privacy officer
• Create Privacy Policies
• Confidentiality Agreements
• Privacy and Security Awareness Training
• Create a culture of privacy

Appoint a Privacy Officer
• Position will depend on size and complexity of organization
– Large organization – dedicated privacy person
– Small organization – assigned to someone with other responsibilities
• Must have the authority and resources needed to deal with privacy issues

Privacy Policies
• Overarching privacy policy
• Privacy statement suitable for the public and published in a brochure or on website
• Operating policies addressing major privacy issues such as consent, disclosure, client access

Confidentiality Agreement
• Make everyone who handles personal information sign a confidentiality agreement.
• Ensure that they understand their obligation to keep personal information confidential and the consequences of breaching customer privacy.

Privacy and Security Awareness Training
• Security and Privacy Awareness training for all staff who have access to personal information
• Specialty training for privacy officers, app developers
• Consider different approaches:
– Classroom style
– Videos
– Computer-based training

Culture of Privacy
• Make privacy a core value
• Privacy is good for business
• Promote secure behaviors
• Senior Management must lead by example

Privacy Operations
• Incident/Breach Management
• Consent Management
• Individual Access & Correction
• Complaints & Inquiries

Be ready for a Privacy Breach
• Privacy Incident: Unauthorized or illegal access to, or use, collection, disclosure or disposal of personal or personal health information. A privacy incident results from a privacy breach.

Consent Management
• Obtain Consent
• Withdrawing Consent
• Overriding a Consent Directive
• Reinstating Consent

Privacy and Security Resources
Privacy and Security Links
www.privacyhorizon.wikispaces.com
THANK YOU!
BECAUSE THE FUTURE MATTERS
INNOVATION