Implement Your Program Across Products, Processes and Technologies
• Design and/or engineer effective privacy and data governance controls into organizational processes, products and technologies, and maintain and enhance those controls throughout the lifecycle of the product, process or technology.

Data Necessity: Optimize data value by collecting and retaining only the data necessary for strategic goals. Leverage anonymization, de-identification, pseudonymization and coding to mitigate data storage-related risks.
Use, Retention & Disposal: Ensure data are used solely for purposes that are relevant to and compatible with the purposes for which they were collected.
Disclosure to 3rd Parties & Onward Transfer: Preserve the standards and protections for data when they are transferred to third-party organizations and/or across country borders.
Choice & Consent: Enable individuals to choose whether personal data about them are processed. Obtain and document prior permission where necessary and appropriate, and enable individuals to opt out of ongoing processing.
Access & Individual Rights: Enable individuals to access information about themselves and to amend, correct and, as appropriate, delete information that is inaccurate, incomplete or outdated.
Data Integrity & Quality: Assure that data are kept sufficiently accurate, complete, relevant and current, consistent with their intended use.
Security: Protect data from loss, misuse and unauthorized access, disclosure, alteration or destruction.
Transparency: Inform individuals about the ways in which data about them are processed and how to exercise their data-related rights.

Demonstrate Your Program
Monitoring & Assurance: Evaluate and audit the effectiveness of controls and risk mitigation initiatives.
Reporting & Certification: Demonstrate the effectiveness of your program and controls to management, the board of directors, employees, customers, regulators and the public.

Privacy Insight Series - trustarc.com/insightseries © 2018 TrustArc Inc. All rights reserved.
Interoperability in Practice
3 Pillars and 16 Standards are Operationalized with 55 Core Controls
Mapping alignment across regulatory controls
Program Element (rows) mapped against: TrustArc Framework, Privacy Shield, APEC CBPRs, GDPR, ISO 27001, HIPAA
Build: Integrated Governance; Risk Assessment; Resource Allocation; Processes
Implement: Data Necessity; Individual Rights; Security; Transparency
Demonstrate: Monitoring and Assurance; Reporting & Certification
Developing the Policy (Build)
1. Start with your company's goals for data: how does data drive your business?
2. Select the core privacy and data protection principles that will serve as your baseline (e.g., OECD, APEC, HIPAA, GDPR, Privacy Shield).
3. Add considerations for special cases or more stringent laws.
4. Develop the core standards that will operationalize your principles.
5. Build in exceptions or an exceptions process.
6. Validate your principles and standards against the laws and regulations that apply to your business.
Questions?
Contacts:
K Royal - kroyal@trustarc.com
Hilary Wandall - hilary@trustarc.com
Thank You!
Our Next Webinar will be on September 19, 2018:
Data Breach Management Requirements and Best Practices