Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

Published byChester McKinney Modified over 9 years ago

Similar presentations

Presentation on theme: "Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc."— Presentation transcript:

1 Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

2 Privacy Program Organizational structure Staffing Policy and procedure development and implementation Interdepartmental collaboration External collaboration Subsidiaries/affiliates Privacy breach investigations and incident response Culture

3 Organizational Structure Centralized Model –Accountability and oversight known to all –Management hierarchy allows issues to be resolved quickly –Better able to match strategic direction with corporate mission and value statement Decentralized Model –Everyone accountable for his/her own actions –Compliance more embedded in minds of individuals and more part of overall corporate culture

4 Staffing Chief Privacy Officer –Management level (executive, senior management recommended) –Visible –Attorney? –Information security accountability? Subject matter experts –Legal compliance –Information security –Customer service –Sales, marketing? –Other? Operational staffing –Ability to communicate well with others –Ability to lead projects –Some subject matter expertise

5 Policy & Procedure Development and Implementation Legislative review and comment Identification of regulatory obligations and risk management posture Consumer attitude survey review Provide analysis and requirements to affected business units Oversight of business unit compliance or direct project oversight Executive steering committee? Training and communication of new policy/procedure/process (multi-channel) to all or to management (train the trainer) Compliance monitoring, assessment, enforcement

6 Interdepartmental Collaboration Legal Other compliance departments Internal audit Customer-focused business units Physical security and safety Information security Sales and marketing Public relations, media relations Informatics and reporting Information systems Government/regulatory affairs eCommerce Human resources/employee relations Risk management

7 External collaboration Federal and state government and regulatory bodies Customers Media Vendors Outside counsel Business partners Data protection authorities (global) Law enforcement Professional organizations

8 Subsidiaries and Affiliates Reporting relationships Oversight and accountability Ownership and status designation Committees Differing business needs Differing regulatory requirements Global versus domestic

9 Privacy Breach Investigations and Incident Response Fact gathering, interviews, forensics Corrective action plan Mitigation of damages Employee discipline Security incident per state or federal law? Notifications Post-incident reporting to management (Compliance Committee) Privacy incident response team –Privacy Officer –Information Security Officer –Safety and Security Officer –Legal –Corporate communications, media relations –Affected party –Affected business unit

10 Culture Legal compliance requirements Risk management posture Consumer attitude considerations Ethics (“doing the right thing”) Treating the confidential information as if it were your own

Download ppt "Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc."

Similar presentations

Freshfields Bruckhaus Deringer LLP Global investigations What to advise your board Marius Berenbrok Edward Braham Matthew Herman Melissa Thomas 29 February.

Freshfields Bruckhaus Deringer LLP Global investigations What to advise your board Marius Berenbrok Edward Braham Matthew Herman Melissa Thomas 29 February.
Copyright © 2009, IMRE, LLC SETTING SOCIAL MEDIA POLICY Novemeber 5, 2009.

Copyright © 2009, IMRE, LLC SETTING SOCIAL MEDIA POLICY Novemeber 5, 2009.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Fraud Auditing Chapter 11.

Fraud Auditing Chapter 11.
11 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Fraud Auditing Chapter 11.

©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Fraud Auditing Chapter 11.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Information Systems Security Officer

Information Systems Security Officer
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Corporate Ethics Compliance *

Corporate Ethics Compliance *
The Role of Risk Management and Assurance in Effective Organizational Governance Urton Anderson The University of Texas at Austin.

The Role of Risk Management and Assurance in Effective Organizational Governance Urton Anderson The University of Texas at Austin.
Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.

Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.
National Association of College and University Attorneys 1 November 11, 2009 NACUA Fall 2009 Workshop November 2009.

National Association of College and University Attorneys 1 November 11, 2009 NACUA Fall 2009 Workshop November 2009.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM 817.352.4929 or

Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM or
Session No. 3 ICAO Safety Management Standards ICAO SMS Framework

Session No. 3 ICAO Safety Management Standards ICAO SMS Framework
1.  The views expressed are those of the speaker and do not necessarily reflect the views of the Federal Reserve Board of Governors, or the Federal Reserve.

1.  The views expressed are those of the speaker and do not necessarily reflect the views of the Federal Reserve Board of Governors, or the Federal Reserve.
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
© 2010 Dorsey & Whitney LLP Social Media Friday, September 17, 2010 The Committee on Finance & Information Technology (CFIT)

© 2010 Dorsey & Whitney LLP Social Media Friday, September 17, 2010 The Committee on Finance & Information Technology (CFIT)
The Institutionalization of Business Ethics

The Institutionalization of Business Ethics

Similar presentations

Ads by Google