GETTING STARTED

A Structured Approach to Privacy Management

Many privacy and data protection Regulators around the world have written guideline papers that promote the building of a privacy management program. However, these guideline papers do not address how to resource the building and maintaining of privacy management throughout the organization. Privacy offices grapple with the challenge of finding enough resources to allocate for privacy management.

The challenges include communicating organizational privacy management, leveraging and motivating individuals throughout the organization, and justifying the business case to obtain the necessary resources. Even then, how to best allocate the available resources to maximize privacy management has historically been more of an art and less of a systematic approach. Whoever is assigned the responsibility for privacy in the organization, be it the Privacy Officer or an individual with some other title, that person has the initial challenge of asking “Where do I start?”

Three Steps for Getting Started with Structured Privacy Management:

=

Step 1: Baseline

Baseline existing privacy management and resources available in the organization.

=

Step 2: Strategy

Select from two strategies: Compliance Strategy or Accountability Strategy.

=

Step 3: Plan

Create a plan based on the resources available and the Strategy selected.

The structured approach to getting started detailed in this manual is based on three elements.

This manual is supported by Nymity’s practical Privacy Management Accountability Workbook “Workbook” to help you implement structured privacy management throughout your organization. Together, they help Privacy Officers create a definitive privacy management program, justify additional resources, and best allocate the resources to effectively achieve the privacy management strategy established by the privacy office.

N

Responsibility

The organization maintains effective privacy management consisting of ongoing privacy management activities.

N

Ownership

An individual is answerable for the management and monitoring of the privacy management activities.

N

Evidence

Documentation enables demonstration of ongoing maintenance of privacy management activities.

Getting Started Manual

Nymity’s research has resulted in a three step process for getting started with structured privacy management that works for all organizations. It is independent of the amount of resources available, level of initial expertise of the Privacy Officer, jurisdiction, industry/sector and size of organization.

Privacy Management Accountability Workbook

This manual is supported by Nymity’s practical Privacy Management Accountability Workbook to help you implement structured privacy management throughout your organization. Together, they help Privacy Officers create a definitive privacy management program to effectively achieve the privacy management strategy established by the privacy office.