on DPIA/PIA requirements
November 10, 2016
Today's Speakers
Beth Sipula
Senior Privacy Consultant
TRUSTe
Paul Iagnocco
Chief Privacy Officer
Kellogg
TRUSTe Inc., 2016
PIA definition
Poll Question #1
Does your organization have a PIA process in place?
1. Yes
2. No
Poll Question #2
How many PIAs will your organization complete in 2016?
1. Less than 10
2. 11-50
3. 51-100
4. 100+
5. I have no idea
Global Privacy Office established in August 2015
4 Strategic Pillars
Build a Global Capability
Ensure Compliance & Education
Champion Privacy Advocacy
Types of Data Held
Employee (PII, PFI, PHI)
Consumer (PII)
Reporting Line
A function within Global Legal & Compliance
CPO reports directly to Chief Counsel (access to Global General Counsel & Vice Chair of Company)
IT Security
Global Privacy Office
strategy
training content
Defines the what
Determines the how
Regional/Local Business Functions
execute strategy
conduct training
business compliance
Execute compliance
Internal Audit
Notice
Choice
Use
Access
Confidentiality
Availability
Integrity
IT Security
Know your key PIA stakeholders
Align on the role of a PIA
Design the PIA workflow
Build and implement the PIA solution
Refine and scale the PIA Process
Risk Management
Procurement
IT Security
Human Resources
Marketing
Internal Audit
Outside Consultants
N/A
Data Collection
Access
Data Security
Recommendation:
Again, start small and scale. Look at how new
data processes and vendor agreements/SOWs
commence. Review existing workflows and
determine best means to intersect without being
disruptive.
Process starts in Contract Database
Privacy Threshold Questions Answered
PIA Published and Vendor Responds
Responses Reviewed by Legal and IT Security
MSA Approved and Filed
Changes negotiated in MSA
Summary
1. Cultivate evangelists for the PIA solution
2. Define value of the PIA solution
3. Align on initial PIA solution goals
4. Start small, scale later
5. Look for new opportunities
6. Listen to feedback
7. Keep it simple
8. Over communicate
Questions?
Contacts
Beth Sipula, bsipula@truste.com
Paul Iagnocco, paul.iagnocco@kellogg.com
Thank You!
Register now for the final webinar in our 2016 Summer/Fall Webinar
Series on December 8: Metrics for Success: Quantifying the Value of the
Privacy Function
See http://www.truste.com/insightseries for the 2016 Privacy Insight Series
and past webinar recordings.