Before you begin creating a culture of privacy, learn the key components of a privacy program that every organization should have in place.
- So you want to create a culture of privacy, but first you have to get the basics right. So let's talk about how you do that. First, identify someone in your organization who is passionate about the issue of privacy. They will need a strong understanding of various laws and regulations your company will need to comply with. If your organization already has someone designated as the chief privacy officer or head of privacy, then you're already well on your way. But if you do not already have someone in this role, it's important to find someone higher up in the organization who is able to serve as the company champion of privacy.
In addition, you should have the data breach plan that can be put into action should the worst-case scenario occur. And in reality, as most security and privacy folks will tell you, a breach is not a matter of if but when. In addition to these basics, if you're doing business in Europe, Asia, or Latin America, there will be other documents you're going to need to put in place as well. Third, think about your employees. You should also have a privacy notice in place that tells your employees what data you collect from them, how you use it, and who you share it with.
Make sure they understand their rights with respect to the emails, photos, and other personal items they may have on their company-owned devices, as opposed to the company's right to access this data in the event of a lawsuit or investigation. Fourth, if you haven't already, conduct a gap assessment. Find out where personal information exists in your organization, how it is being used, what controls are in place, and how data is currently being handled. There are multiple vendors that offer this type of gap analysis, and this is a good first step in gaining objective data about your company's level of compliance.
This will help build awareness and support amongst the senior leadership for advancing your privacy program. Finally, you need to make sure you have a process in place for reviewing and documenting privacy risks within your organization. Oftentimes, companies require all products to be reviewed by a team of lawyers before they can be shipped. You can add privacy to the list of issues those lawyers should be reviewing. You then want teams to document those decisions so if a new product blows up in the press or a regulator ever comes knocking, you can go back and explain how your company thought through the privacy risks.
So let's review the key things you need to have to get the basics right. First, you need someone in your organization who is responsible for privacy both externally and internally. Second, you need to prepare documentation outlining your policies and procedures with respect to privacy. Third, you should also have a privacy notice in place that tells your employees what data you collect from them, how you use it, and who you share it with. Fourth, you need to conduct a gap assessment.
And finally put a process in place for reviewing products to ensure they have been designed with privacy in mind.
In this course, Kalinda Raina, head of global privacy at LinkedIn, shows how to create a successful privacy program by building privacy into the very foundation of your company culture. Learn what privacy is, why it matters, and how to develop a privacy program that serves the interest of not only your customers, but your company as well. Discover how to tie your policies back to your corporate values, enlist privacy advocates from every level of the organization, and build privacy into the product development cycle.
- Privacy regulations
- Assessing your privacy program
- Tying privacy to your corporate mission
- Creating privacy advocates
- Building privacy into your products
- Integrating privacy into the existing business