Tips on Privacy Audits and Assessments Insurance Consumer Affairs Exchange October 2, 2005 Kirk Herath, CPO & Associate General Counsel, Nationwide Insurance.

Presentation transcript:

Tips on Privacy Audits and Assessments
Insurance Consumer Affairs Exchange, October 2, 2005
Kirk Herath, CPO & Associate General Counsel, Nationwide Insurance Companies
1/17/2019 Attorney-Client Work Product -- Privileged and Confidential

Compliance Monitoring
Compliance monitoring can take many forms: audits, market conduct exams, self-assessments, and third-party assessments.

Critical Success Factor
The critical success factor for meeting compliance monitoring is a fully and formally documented Privacy Program that includes all policies, procedures, and controls.

AICPA Privacy Framework as a Model
We used the AICPA Privacy Framework as our model. Ten Principles of a sound Privacy Program: Privacy Management, Notice, Choice & Consent, Collection, Use & Retention, Access, Security, Monitoring & Enforcement.

Know Your Business Units
Know your Business Units (BUs) via SAPs (Singularly Accountable Persons) in the business and functional units. Conduct BU privacy self-assessments to gain granular insight into privacy practices, and target those BUs that use PII. Meet regularly with BU SAPs. Form a Virtual Privacy Office.

Have a Broad Reach
Form partnerships with Internal Audit, Security, Compliance, and Customer Relations. Leverage each other's work and knowledge of the business.

Internal Audits
A partnership with Internal Audit is valuable, particularly in the IT and Security areas. However, Internal Audit may not have comprehensive and in-depth knowledge of regulatory and statutory rules, nor knowledge of internationally recognized privacy principles, and a privacy subject matter expert embedded in audit may not be cost effective. If Internal Audit requests a review, or you yourself ask for one, be certain the audit plan, scope, and objectives are clearly and concisely defined. (You cannot be held responsible for controls and practices you do not have the authority to implement, e.g., encryption.)

Be pro-active in inviting audits, assessments, and reviews. Doing so supports ongoing updates and "currency" of policies, procedures, and controls, as well as due diligence and transparency.

Third Party Assessment
Consider an external third-party assessment. Many firms have expertise in the privacy space and experience in auditing privacy programs.

See an audit or assessment as a risk management opportunity: one that can affirm that your approach is reasonable and robust, or provide you with insight into how to reduce your risk.

If you fear an audit, you very well may have reason to be afraid. Be prepared.