Corporate Data Privacy Programs
Implementing a data privacy program at any organization presents many challenges and can be a daunting task. Sunera’s proven privacy program framework implementation methodology can streamline much of the work and ensure the successful establishment of a corporate privacy framework.
All of Sunera’s data privacy services center around our best practices framework. As depicted in the figure below, obtaining executive sponsorship at the start of a data privacy initiative often determines its success. Privacy poses a unique challenge to organizations since privacy programs typically span most departments and operations.

Once sponsorship and awareness have been established with senior management, we then commence with the following:
- assessing the organization’s privacy risk;
- designing a privacy framework tailored to the organization’s business;
- creating policies and procedures to meet the objectives of the privacy framework;
- implementing applicable privacy principles across business lines;
- heightening employee awareness throughout the organization; and,
- developing a continuous monitoring program to validate compliance with privacy principles.
Following the privacy risk assessment, and based on the defined risks and classification types, privacy principles (i.e., privacy protection best practices) will be implemented as appropriate to the corresponding privacy risk. Most organizations choose to align with the generally accepted privacy principles (GAPP) because they align with the principles found in many principles-based privacy laws from around the world.
Ensuring that all privacy principles or procedures are implemented and comply with the privacy framework is a critical step, and it often requires the development of new processes within the organization to address privacy risks and meet the objectives of privacy regulations. Once the privacy framework and corresponding policies have been developed, it is time to ensure all employees are made aware of the privacy objectives through training. Common delivery methods for data privacy awareness training include interactive web-based training sessions or live group interactive training classes.
Finally, we validate compliance with the privacy framework. This is accomplished with an annual self-assessment process and audits of high-risk areas. It is also important to periodically re-assess the organization’s privacy risks as changes to the ranking of risks (i.e., likelihood of risk, severity of risk) may necessitate corresponding changes to the organization’s privacy policies and procedures.



