Presentation is loading. Please wait.

Presentation is loading. Please wait.

1. Scope of Application 2. Use Case Actors Data Flows Touch Points Initial PI 3. PI - at Touch Points In Internal Out 4. PI - Operational Privacy Policies.

Published byKelly Andrews Modified over 8 years ago

Similar presentations

Presentation on theme: "1. Scope of Application 2. Use Case Actors Data Flows Touch Points Initial PI 3. PI - at Touch Points In Internal Out 4. PI - Operational Privacy Policies."— Presentation transcript:

1 1. Scope of Application 2. Use Case Actors Data Flows Touch Points Initial PI 3. PI - at Touch Points In Internal Out 4. PI - Operational Privacy Policies Inherited Internal Exported 5. Privacy Management Services at each Touch Point – Policies Define policy requirements associated with each Service 6.Privacy Management Services at each Touch Point – Operational Functions Define functions associated with each service 7. Risk Assessment and Iteration Overview of Privacy Management Reference Model

2 Phase 1: Scope of Application DEFINE SCOPE OF APPLICATION IMPACTING PERSONAL INFORMATION Define the particular business system, process(es), product(s), environment, service(s), system(s), data, and application(s) which will impact the collection, communication, processing, storage or destruction of PI or PII

3 Phase 2: Use Case Develop a Use Case that can be used to conduct a privacy impact assessment or Accountability Review and the subsequent application of the PMRM Provide details of the business processes and data flows using a data lifecycle description model Provide the level of detail needed to include all actors, touch points, processing and other data management actions, and policy points Actors Data Flows Touch Points Initial PI

4 Phase 3: PI - at Touch Points Define PI collected, processed, communicated, stored and destroyed Flows in Internal Flows out

5 Phase 4: PI - Operational Privacy Policies Define policy requirements system- wide and, if necessary, associated with each touch point Define FIP/Ps expressed as operational requirements linked to each PI element or sets of PI elements at each Touch Point

6 5: Services at each Touch Point – Policy Select PMRM services necessary to support policy requirements Core Policy, Assurance, Presentation and Lifecycle Define the operational policy requirements associated with each service

7 Phase 6: Services at each Touch Point – Operational Functions Define implementation mechanisms to support the policy requirements associated with each service Conduct detailed operational risk assessmentSelect controls needed to mitigate risks Determine if changes are needed and modify controls, mechanisms, operational requirements and policies as necessary

8 Phase 7: Risk Assessment Conduct detailed operational risk assessmentSelect controls needed to mitigate risks Determine if changes are needed and modify controls, mechanisms, operational requirements and policies as necessary

Download ppt "1. Scope of Application 2. Use Case Actors Data Flows Touch Points Initial PI 3. PI - at Touch Points In Internal Out 4. PI - Operational Privacy Policies."

Similar presentations

Micro Assessment. What is a Micro Assessment? An assessment of the adequacy of the implementing partners financial management systems and internal controlsAn.

Micro Assessment. What is a Micro Assessment? An assessment of the adequacy of the implementing partners financial management systems and internal controlsAn.
Privacy By Design Sample Use Case

Privacy By Design Sample Use Case
Privacy Impact Assessment Future Directions TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

Privacy Impact Assessment Future Directions TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
Project Selection Overview By Tim Washington September 14 th, 2011.

Project Selection Overview By Tim Washington September 14 th, 2011.
Ambition in Action. Ambition in Action www.sit.nsw.edu.au Preparing and Presenting an Effective Business Case Presentation to HIMAA July 2010.

Ambition in Action. Ambition in Action Preparing and Presenting an Effective Business Case Presentation to HIMAA July 2010.
Privacy By Design Draft Privacy Use Case Template

Privacy By Design Draft Privacy Use Case Template
Privacy Evaluation Methodology (PEM) v1.0 Overview IDESG Privacy Committee James R. Elste Dr. Stuart Shapiro February 2013.

Privacy Evaluation Methodology (PEM) v1.0 Overview IDESG Privacy Committee James R. Elste Dr. Stuart Shapiro February 2013.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
1 IBM Software Group ® PRJ270: Essentials of Rational Unified Process Module 3: RUP Structure and Navigation.

1 IBM Software Group ® PRJ270: Essentials of Rational Unified Process Module 3: RUP Structure and Navigation.
Define & Compare Flowcharts of Each Method Tom Delong.

Define & Compare Flowcharts of Each Method Tom Delong.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
RISK IDENTIFICATION IN PAYMENT METHOD. OVERVIEW OF FINANCING METHODS: Risk Identification and Mitigation –Cash in Advance When It is Used Risk to Importer.

RISK IDENTIFICATION IN PAYMENT METHOD. OVERVIEW OF FINANCING METHODS: Risk Identification and Mitigation –Cash in Advance When It is Used Risk to Importer.
Service Level Agreements. Introduction  Pre IT economies, services contracted out were remote from the core business activities of the customer. Most.

Service Level Agreements. Introduction  Pre IT economies, services contracted out were remote from the core business activities of the customer. Most.
LSU 10/09/2007System Design1 Project Management Unit #2.

LSU 10/09/2007System Design1 Project Management Unit #2.
EPLC Deliverables Sherry Brown-Scoggins & Wanda Hall

EPLC Deliverables Sherry Brown-Scoggins & Wanda Hall
Privacy By Design Sample Use Case Privacy Controls Insurance Application- Vehicle Data.

Privacy By Design Sample Use Case Privacy Controls Insurance Application- Vehicle Data.
Information Asset Classification

Information Asset Classification
Effective Methods for Software and Systems Integration

Effective Methods for Software and Systems Integration

Similar presentations

Ads by Google