Managing Privacy in a Global Organization


1 Managing Privacy in a Global Organization
Stewart Dresner Chief Executive, Privacy Laws & Business 5th floor, Raebarn House, 100, Northolt Road, Harrow, Middlesex, HA2 0BX, United Kingdom Tel: Fax:

2 Contents
1. Fundamental differences between US, Europe and Asia
2. Implementation requires a balance between a legally correct policy and everyday procedures
3. Staff training
4. Credible privacy audits
5. Penalties and sanctions
6. Integrating privacy into your business strategy

3 Fundamental differences US/Europe
1. European law/rights based privacy compared with US transaction/sectoral approach.
2. Frustration when IT systems cannot be used as intended - often alternative legal approach after discussion
3. Need to understand the European Union’s approach and the Member States’ differences
4. Success = balancing details and the big picture

4 Implementation: A balance between a legal policy and everyday procedures
1. Key to success is the ability of the CPO to make privacy policy compatible with the corporate culture
2. Why legal advice is necessary but not sufficient
3. Legal advice may be correct but must be in plain language to be really useful
4. Some legal advice may be too cautious
5. Advice relevant to each department/level of staff?
6. How do you know?

5 Staff awareness and training
1. All managers and staff handling personal data
2. Relevant messages in their operational context
3. All staff dealing with customers and prospects
4. Check messages understood and implemented
5. Advantages and disadvantages of internal/external training provider
6. Training needs to be repeated and updated
7. Managing privacy is never a quick fix

6 Why Audit?
The key reasons for carrying out audit activities are:
1. To assess the level of compliance with national privacy laws
2. To assess the level of compliance with the organization’s own privacy compliance system
3. To identify potential gaps and weaknesses in the privacy law system
4. To provide information for a privacy compliance system review

7 What should you audit?
1. Retention - appropriate weeding and deletion of information
2. Documentation on authorised use of systems, e.g. codes of practice, guidelines etc.
3. Compliance with individuals’ rights, such as right of access to information
4. Compliance with privacy laws in the context of other pieces of legislation such as human rights laws and freedom of information laws

8 Penalties and sanctions
1. Enforcement by privacy regulators - criminal law
2. Civil suits for damage and distress
3. Negative publicity from media coverage - loss of consumer confidence
4. Withdrawal of privacy seals
5. Opportunity cost of having not taken privacy seriously and consequences for future marketing

9 Integrating privacy into business strategy
1. CPO can try to influence top management - parallel with environmental issues
2. Stress the positive aspects of privacy
3. Transforming risk assessment into everyday compliance with privacy laws
4. Privacy as a competitive advantage
5. Integrating privacy into your business strategy
   - Brand value
   - Reputation

