Data Privacy Day - MaRS Best Practices

Developing talent Growing ventures Opening markets Visit us at marsdd.com Data Privacy Day: The Startups Guide to Privacy January 28th, 2016 JANUARY 2016

Upload: mars-discovery-district

Post on 23-Jan-2018


TRANSCRIPT

Page 1: Data Privacy Day - MaRS Best Practices

Developing talent • Growing ventures • Opening markets

Visit us at marsdd.com

Data Privacy Day: The Start-up's Guide to Privacy
January 28th, 2016

JANUARY 2016

Page 2: Data Privacy Day - MaRS Best Practices


Agenda

1. Why invest in privacy?
2. What do I need to do?
   – Understand the Legislative Landscape
   – Develop a Privacy Management Program
     • Accountabilities
     • Risk Management
     • Privacy Operations
3. Where can I get more information?

September 2014

Page 3: Data Privacy Day - MaRS Best Practices


Page 4: Data Privacy Day - MaRS Best Practices


Legislative Landscape

• Know what privacy laws apply to you and your customers:
  – Business Models:
    • Business to Business
    • Business to Consumer
  – Jurisdictions:
    • Ontario
    • Canada
    • U.S.
    • World

Page 5: Data Privacy Day - MaRS Best Practices


Develop a Privacy Management Program

Privacy Program
• Governance and Accountability
• Privacy Operations
• Privacy Risk Management

Page 6: Data Privacy Day - MaRS Best Practices


Privacy Risk Management

• Privacy Impact Assessment
  – Identify Privacy Gaps
  – Mitigate Privacy Risks (Admin. & Tech.)
  – Consists of:
    • Authority
    • Data Flow (Collection, Use and Disclosure)
    • Assessment
• Marketing Tool

Page 7: Data Privacy Day - MaRS Best Practices


Governance and Accountability

• Appoint a privacy officer
• Create Privacy Policies
• Confidentiality Agreements
• Privacy and Security Awareness Training
• Create a culture of privacy

Page 8: Data Privacy Day - MaRS Best Practices


Appoint a Privacy Officer

• Position will depend on size and complexity of organization
  – Large organization – dedicated privacy person
  – Small organization – assigned to someone with other responsibilities
• Must have the authority and resources needed to deal with privacy issues

Page 9: Data Privacy Day - MaRS Best Practices


Privacy Policies

• Overarching privacy policy
• Privacy statement suitable for the public and published in a brochure or on website
• Operating policies addressing major privacy issues such as consent, disclosure, client access

Page 10: Data Privacy Day - MaRS Best Practices


Confidentiality Agreement

• Make everyone who handles personal information sign a confidentiality agreement.
• Ensure that they understand their obligation to keep personal information confidential and the consequences of breaching customer privacy.

Page 11: Data Privacy Day - MaRS Best Practices


Privacy and Security Awareness Training

• Security and Privacy Awareness training for all staff who have access to personal information
• Specialty training for privacy officers, app developers
• Consider different approaches:
  – Classroom style
  – Videos
  – Computer-based training

Page 12: Data Privacy Day - MaRS Best Practices


Culture of Privacy

• Make privacy a core value
• Privacy is good for business
• Promote secure behaviors
• Senior Management must lead by example

Page 13: Data Privacy Day - MaRS Best Practices


Privacy Operations

• Incident/Breach Management
• Consent Management
• Individual Access & Correction
• Complaints & Inquiries

Page 14: Data Privacy Day - MaRS Best Practices


Be ready for a Privacy Breach

• Privacy Incident: Unauthorized or illegal access to, or use, collection, disclosure or disposal of personal or personal health information. A privacy incident results from a privacy breach.

Page 15: Data Privacy Day - MaRS Best Practices


Consent Management

• Obtain Consent
• Withdrawing Consent
• Overriding a Consent Directive
• Reinstating Consent

Page 16: Data Privacy Day - MaRS Best Practices


www.privacyhorizon.wikispaces.com

Privacy and Security Links

Privacy and Security Resources

Page 17: Data Privacy Day - MaRS Best Practices


THANK YOU!

BECAUSE THE FUTURE MATTERS

INNOVATION