IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1....
Transcript of IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1....
![Page 1: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/1.jpg)
![Page 2: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/2.jpg)
IBM Global Privacy Assessment
1. IBM’s Global Privacy Assessment (GPA) - background
2. Considerations in designing the latest version of the GPA
3. The structure of GPA self assessment – 5 stage process
4. Designing & developing the GPA
5. Making it mandatory
6. What went well / further evolution
![Page 3: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/3.jpg)
5 stage self-assessment
![Page 4: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/4.jpg)
Visual progress / status
![Page 5: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/5.jpg)
Creating a global privacy impact assessment process in Barclays
1. Why develop a single, global approach to privacy impact
assessment?
2. The process of development - recognising different
business requirements and jurisdictional differences
3. The risk assessment process
4. Next steps – automation and fully global role out
![Page 6: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/6.jpg)
Barclays – screening questions
![Page 7: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/7.jpg)
Barclays – the assessment
![Page 8: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/8.jpg)
LexisNexis – two different approaches
• Risk Solutions: PIA for new product
• Legal: online compliance questions
![Page 9: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/9.jpg)
LexisNexis Risk Solutions small-scale local PIA process
What are the risks?
What are the solutions?
Privacy issue Individual risk Corporate risk Compliance risk (DPA)
Risk Solution(s) Risk eliminated, reduced or accepted Evaluation: is the final impact on
individuals after implementing
each solution a justified,
compliant and proportionate
response to the aims of the
project?
![Page 10: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/10.jpg)
LexisNexis Risk Solutions small-scale local PIA process
Sign off and record the outcomes
Integrate outcomes into action plan
Risk Approved solution Approved by
Action point Date for completion and progress Responsibility
![Page 11: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/11.jpg)
LexisNexis Legal online compliance questions
![Page 12: IBM Global Privacy Assessment · Creating a global privacy impact assessment process in Barclays 1. Why develop a single, global approach to privacy impact assessment? 2. The process](https://reader030.fdocuments.in/reader030/viewer/2022040202/5e710f32257e13435b49b070/html5/thumbnails/12.jpg)
Links and resources
• ICO PIA guidance: https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-practice.pdf
• NIST privacy harms: http://www.nist.gov/itl/csd/privacy-engineering-workshop-september-15-16-2014.cfm