Managing Privacy in a Global Organization

Presentation transcript:

Managing Privacy in a Global Organization
Stewart Dresner, Chief Executive, Privacy Laws & Business
5th floor, Raebarn House, 100, Northolt Road, Harrow, Middlesex, HA2 0BX, United Kingdom
Tel: +44 208 423 1300
Fax: +44 208 423 4536
E-mail: stewart@privacylaws.com
www.privacylaws.com

Contents
1. Fundamental differences between US, Europe and Asia
2. Implementation requires a balance between a legally correct policy and everyday procedures
3. Staff training
4. Credible privacy audits
5. Penalties and sanctions
6. Integrating privacy into your business strategy

Fundamental differences US/Europe
1. European law/rights-based privacy compared with the US transaction/sectoral approach
2. Frustration when IT systems cannot be used as intended - often an alternative legal approach is found after discussion
3. Need to understand the European Union's approach and the Member States' differences
4. Success = balancing details and the big picture

Implementation: A balance between a legal policy and everyday procedures
1. Key to success is the ability of the CPO to make privacy policy compatible with the corporate culture
2. Why legal advice is necessary but not sufficient
3. Legal advice may be correct but must be in plain language to be really useful
4. Some legal advice may be too cautious
5. Is the advice relevant to each department/level of staff?
6. How do you know?

Staff awareness and training
1. All managers and staff handling personal data
2. Relevant messages in their operational context
3. All staff dealing with customers and prospects
4. Check messages are understood and implemented
5. Advantages and disadvantages of internal/external training providers
6. Training needs to be repeated and updated
7. Managing privacy is never a quick fix

Why Audit?
The key reasons for carrying out audit activities are:
1. To assess the level of compliance with national privacy laws
2. To assess the level of compliance with the organization's own privacy compliance system
3. To identify potential gaps and weaknesses in the privacy law system
4. To provide information for a privacy compliance system review

What should you audit?
1. Retention - appropriate weeding and deletion of information
2. Documentation on authorised use of systems, e.g. codes of practice, guidelines etc.
3. Compliance with individuals' rights, such as the right of access to information
4. Compliance with privacy laws in the context of other pieces of legislation such as human rights laws and freedom of information laws

Penalties and sanctions
1. Enforcement by privacy regulators - criminal law
2. Civil suits for damage and distress
3. Negative publicity from media coverage - loss of consumer confidence
4. Withdrawal of privacy seals
5. Opportunity cost of not having taken privacy seriously, and the consequences for future marketing

Integrating privacy into business strategy
1. CPO can try to influence top management - parallel with environmental issues
2. Stress the positive aspects of privacy
3. Transforming risk assessment into everyday compliance with privacy laws
4. Privacy as a competitive advantage
5. Integrating privacy into your business strategy - brand value, reputation