Privacy by Design Discussions Dr. Marilyn Prosch, CIPP Arizona State University September 22, 2009.

Privacy by Design: changes made retroactively always cost more!

What are the costs associated with changes?
◦ Time
◦ Resources
◦ Morale
◦ Possibility of ultimately inferior output

Consider Facebook: a member of the Canadian federal Privacy Office spent 30 days at Facebook’s office for the investigation. “Facebook has committed to using its best efforts to roll out the permissions model by September 1. In the meantime, Facebook will oversee the applications developers’ compliance with contractual obligations. Since the conclusion of the investigation, Facebook has provided us with detailed information on its oversight activities, and I am satisfied that it will be a useful means of monitoring developers’ compliance with Facebook’s Statement of Rights and Responsibilities, in the interim. Facebook has also agreed to a test of the model by an expert third party, prior to its implementation, to ensure that the new model meets the expectations of our report and the company’s subsequent undertakings.”

Maturity Model: organizations may be in different implementation phases of their privacy program. An objective assessment of the maturity level of the program is a key step in assessing whether the organization is ready to undergo a privacy audit (either internal or external). Organizations at a low maturity level will most likely lack the foundations needed, and will be better served by developing the existing privacy infrastructure.

Privacy Maturity Model: the AICPA and CICA Privacy Task Force is developing a Privacy Maturity Model. The model is based on the U.S. Department of Defense Software Engineering Institute’s CMM model. The six levels are:
◦ Non-Existent – Management processes are not applied at all
◦ Ad Hoc – Processes are ad hoc and disorganized
◦ Repeatable – Processes follow a regular pattern
◦ Defined – Processes are documented and communicated
◦ Managed – Processes are monitored and measured
◦ Optimized – Best practices are followed and automated

Privacy Maturity Model

We are interested in conducting rigorous and useful research. Let’s consider the following model and discuss what areas concern you and/or your organization about privacy, and what we can do to move organizations along the privacy maturity model.

Figure: Nehmer & Prosch 2009 Model of Privacy Corporate Responsibility, based on Dillard & Layzell’s 2008 model.
Diagram labels: Programs, Goals, Resource Allocations, Corporate Culture, Fiscal Viability, Expectations, Compliance, Community Involvement, Environmental Improvements, Economic Benefits, Education, Support.
Cited sources: Create a Privacy Culture (Cavoukian, 2008); Privacy Payoff (Cavoukian & Hamilton, 2008); Customer Churn Rate (Ponemon, 2007); Privacy Cultural Lag Theory (Prosch, 2008); Privacy Maturity Lifecycle (Prosch, 2008); Nehmer & Prosch (2009).
Elements shown: FTC sanctions; State Attorneys General; EU Safe Harbor; privacy policies; Chief Privacy Officer; privacy enhancing technologies; privacy audit; reducing data pollution (reducing identity theft risk, unnecessary workplace monitoring, cyberbullying, etc.); educating customers/employees; rights & obligations in process; allowing constituents a “voice” in privacy design.

Discussion