Privacy Communities: How To Build Them And Drive Awareness
-
Upload
co3-systems -
Category
Technology
-
view
465 -
download
0
description
Transcript of Privacy Communities: How To Build Them And Drive Awareness
Privacy Communities
How To Build Them And Drive Awareness
Page 2
Agenda
• Introductions• Participants
• Steering Committee• Champions
• Awareness• Privacy Week• Training• Newsletters
• Q&A
Page 3
Co3 Automates Breach Management
PREPARE
Improve Organizational Readiness• Assign response team• Describe environment• Simulate events and incidents• Focus on organizational gaps
REPORT
Document Results and Track Performance• Document incident results• Track historical performance• Demonstrate organizational
preparedness• Generate audit/compliance reports
ASSESS
Quantify Potential Impact, Support Privacy Impact Assessments• Track events• Scope regulatory requirements• See $ exposure• Send notice to team• Generate Impact Assessments
MANAGE
Easily Generate Detailed Incident Response Plans• Escalate to complete IR plan• Oversee the complete plan• Assign tasks: who/what/when• Notify regulators and clients• Monitor progress to completion
Page 4
About PRIVACY REF
PRIVACY REF provides privacy program services for SMBs• PRIVACY REF helps SMBs create, refine, and manage their privacy programs
• PRIVACY REF helps SMBs increase revenuesby ensuring that you meet customer privacy and security requirements
• PRIVACY REF helps SMBs avoid expensesby avoiding the data loss, fines and brand damage that can be devastating to any business
• PRIVACY REF helps SMBs comply with regulations by employing best practices for handling customer and employee data while maintaining focus on your core business
• PRIVACY REF provides enterprise-caliber policy and program development and implementation that fits SMB budgets.
PRIVACY COMMUNITIES
Privacy Program Awareness
Page 6
Some common challenges
• Limited privacy resources• Geographically distributed operations• Varying organizational characteristics
• Business processes• Regional / Departmental culture
• “Reinventing the wheel”• Information flow
Page 7
Community
A group sharing common characteristics or interests and perceived or perceiving itself as distinct in some respect from
the larger society within which it exists
Page 8
The Steering Committee
• Charter• Define direction for the privacy program• Provide guidance on initiatives• Review and approve policy proposals
• Comprised of Senior Executives• Information Technology• Legal• Human Resources• Finance• Marketing
Page 10
Privacy Community
• The Privacy Community shares … • Local perspectives• Concerns / Solutions• Programs• Ideas• Artifacts
• Membership is unrestricted• Members are referred to as Privacy Champions
Page 11
Privacy Champions
• Requirements• Passion for privacy• Willing to drive initiatives within their team and/or business unit• Work for your company
• Recruiting• Existing privacy contacts• Nominees from the Steering Committee• Direct invitations• Volunteers• Champions recruit champions
Page 12
Privacy Community Meetings
• Welcome• Comments from a Steering Committee member• Champion perspectives• Update from the Privacy Team• Open discussion of a current issue• Recognition
Page 14
Recognition
• Focus on someone who supports privacy in any role• Tangible reward
• Gift card• Award• Gift (i.e. encrypted USB drive)
• Public recognition• Endorsement by recipient’s management team• Award at a Privacy Community meeting• Intranet• Newsletters
AWARENESS
Page 16
Privacy Awareness – How Are We Doing?
Source: Ponemon Institute
Page 17
Privacy Week
• Annual, company-wide event• Training / share information• Create a buzz• Give champions a chance to shine
• Privacy Presentations• Privacy fairs
Page 18
Privacy Week
• Kicked off by senior leadership• Video• Coffee talks
• Webinars• Repeated to address time zone issues
• Local presentations• Get IAPP involved
• CIPP Exams• IAPP KnowledgeNets
Page 19
Privacy Week Resources
• Privacy Community owns Privacy Week• Privacy team provides coordination• Privacy Community defines content
• Presenters and Fair participants• Privacy Champions• Vendors• Recognized privacy leaders• Internal teams
• The Privacy Game
Page 20
Privacy Week Publicity
• Posters• Emails
• C-level executive to the company• Steering Committee members to their teams
• Rename cafeteria menu items• PII Pasta Salad• Encrypted Eggplant Parmesan• Firewall Fried Chicken
Page 21
Global Data Privacy Day
• Celebrated January 28th • Single topic focus
• Webinars• Local presenters
• Cafeteria menu items renamed
Page 22
Training
• New hire training• Addressed by local HR teams• Hiring manager ultimately responsible
• Core training from the Privacy Team• Enterprise-wide Privacy Policies• PCI 101• HIPAA 101
• Targeted training from the Privacy Team• Upon request • In response to an event
Page 23
Newsletters & Blogs
• Privacy Blog• Subjects are of general interest• Available on the intranet• Weekly publication• Written by the Privacy Team
• Local newsletters• Subjects internally focused• Tip of the month• Local stories• Driven by Privacy Champions
Page 24
Other Contacts
• Privacy Mailbox• Multiple regional instances• Think about anonymous reporting abilities
• Fly-bys• HQ Visitors• Posters
• Positive reminders• “Something went wrong”
QUESTIONS
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM
“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
PC MAGAZINE, EDITOR’S CHOICE
“Co3…defines what software packages for privacy look like.”
GARTNER
“Platform is comprehensive, user friendly, and very well designed.”
PONEMON INSTITUTE
Bob Siegel
www.privacyref.com
888-470-1528 x801
508-474-5125
@PrivacyRef