
Privacy Management Reference Model and Methodology (PMRM) PMRM Comments - Further Development of Use Case Template For Discussion PMRM TC Meeting March 13, 2014

Upload: brooke-farmer

Post on 13-Dec-2015


Page 1: Privacy Management Reference Model and Methodology (PMRM) PMRM Comments - Further Development of Use Case Template For Discussion PMRM TC Meeting March 13, 2014

Privacy Management Reference Model and Methodology (PMRM)

PMRM Comments - Further Development of Use Case Template

For Discussion

PMRM TC Meeting, March 13, 2014

Page 2

Comments/Recommendations from Gail Magnuson and Diana Proud-Madruga

Page 3

PMRM v1.0 Conceptual Model

Page 4

PMRM Methodology: set of 20 discrete tasks

Page 5

PMRM Services

Services - the organizing structure linking required Privacy Controls to operational mechanisms necessary for implementation and conformance

Page 6

Comments on Template Design-1

• Gail: In reflecting on my experience with the PMRM and where it might be extremely beneficial, especially for time-starved CPOs, is:

o To facilitate a business and IT architecture that is privacy and security compliant

o To provide visuals for both operations and IT professionals that help them envision how they might be privacy compliant and innovate new privacy compliant vehicles as technology changes

Page 7

Comments on Template Design-2

• Gail: What this says to me regarding these observations is that PMRM (and the PMRM example) must:

o Be completed at the macro, not the micro level

o It is too time consuming to be completed at a lower level and does not reap the benefits for the Privacy Office

o It must produce a super ‘use case’ that is applicable to the many use cases being developed by IT and Business Professionals

o It must demonstrate a process that is complex with a simple result

o It must be able to translate complex results into examples that business and IT individuals are able to follow

o These examples MUST go far beyond the high level statements, such as ‘implement role based security’ and the like. These statements are generic and can be made without needing the PMRM

Page 8

Comments on Template Design-3

• Gail: From my small amount of hours (less than 16), I have reached the following observations/recommendations:

o It is essential to complete an end-to-end detailed example of the PMRM in use that will prove that one PMRM process might provide specific and comprehensive guidance that can be leveraged over many IT/Operations projects for an entity

o Already in my PMRM exercise, I have designed new products, domains, business processes, systems and applications that are FAR more privacy compliant given the original PMRM document. In doing this I believe that, even before I get to the PI/PII bundles and the Privacy Controls/Services that the PMRM process has produced significant results!

o It is critical to consider, as you have indicated, visualization techniques that allow viewers to drill down into the detail and provide a view for different types of individuals, e.g. regulators, privacy office staff, IT and business process engineers

o Today, there exists public information that would support the completion of an end-to-end example of the power of the PMRM, without a major investment of time

Page 9

Comments on Template Design-4

• Gail (continued): The next challenge is to translate this comprehensive end-to-end detailed work into what will resonate with ‘results oriented and time challenged’ CPOs. This can be done through the visualization techniques

• The specific and comprehensive guidance of the initial PMRM effort for a corporation must then provide simple instructions on how to embed privacy compliance into IT and business projects and be flexible enough to revise the initial PMRM work for the next projects as the technology, regulations and business processes change

• I support the discussions I heard in Halifax about being able to present, for example the high level data flow diagrams, and then be able to ‘drill down’ into the detail. Perhaps we might explore Michelle Dennedy’s work and/or the capabilities of something like Tableau for visualization techniques. I was highly impressed with the Tableau abilities to perform a ‘drill down’

• It is essential to demonstrate the investment in executing the PMRM from an ROI perspective. I heard that loud and clear in the session last week.

Page 10

Comments on Template Design-5

• Diana: In going through the PMRM, I found myself frequently wondering what the end result would look like. How would it all fit together?

o Gail: I believe that the PMRM provides privacy compliant architectures and designs and technical specifications for products, processes and systems. In less than 10 hours of my time I believe I significantly improved the overall privacy and security of the architecture for the products, processes and systems.

o Gail: What this also says is that some of the benefit information in the methodology document might be repeated in the use case document.

Page 11

Comments on Template Design-6

• Diana: Right now, as it’s written, the PMRM has many good and useful elements/areas of exploration that will generate a large amount of data. Some of this data may already exist in an enterprise and some will need to be generated from scratch.

o Gail: I definitely support this suggestion. I also believe that a good bit of the data is available publicly as well.

Page 12

Comments on Template Design-7

• Diana: Going through this process for every project/use case that exists for a large organization is going to be overwhelming at first glance.

o Gail: I recommended conducting ONE high level, but comprehensive, PMRM for an organization, and then leveraging the work at lower levels. Very few organizations will invest in large $ detailed work.

Page 13

Comments on Template Design-8

Suggestions for how to make it a less daunting task-1

• Diana: Create extremely simplified, high-level examples to illustrate a PMA and how it can be used.

o Gail: In addition to the ONE high level PMRM, I support the visualization idea that provides high level views with drill downs.

• Refer to the PMRM and the resulting PMA as living documents, emphasizing that they can start with one use case and, over time, expand it to include multiple use cases. Using this approach should result in significant time savings with each subsequent use case as many of the elements from previous use cases will apply to the new use cases.

o Gail: I fully agree with this.

Page 14

Comments on Template Design-9

Suggestions for how to make it a less daunting task-1

• Diana: Something like this will NEVER fly without management/executive buy-in. There should be some kind of brief synopsis outlining the purpose and benefit/ROI to implementing this process in an enterprise. This synopsis should be very high-level, non-technical, and with very simplified examples of how it can be used.

o Gail: Definitely agree. This suggestion is similar to that of creating the benefit/ROI by audience suggested from the Halifax meeting. While I did not finish my exercise, this was the first time that I could put into words the tangible benefits of the PMRM for different audiences, naturally management included. I had to get to the point where I could, with a MINIMUM of effort, take a use case from beginning to end, proving that I could create a result that would provide privacy compliant architecture, designs and technical specifications that would be far superior to the guidance I provided from the privacy office heretofore. Since I did not complete the effort, it might be difficult for one to see what I saw. I was personally convinced that the synopsis and compelling examples for senior executives can be developed. I also strongly believe that the first sell is to the time-starved CPO. It is this individual that must be sold first about the feasibility of using the PMRM.

Page 15

Comments on Template Design-10

Suggestions for how to make it a less daunting task-2

• Diana: Many enterprises follow activities/models that accomplish at least part of what PMRM does. Suggestions on how to leverage work that may already have been done could be useful.

o Gail: I totally agree and think that this idea should be woven into the Use Case example.

Page 16

Comments on Template Design-11

Suggestions for how to make it a less daunting task-3

• Diana: When I brought up the question of what the end result would look like, one of the replies was that until you finish the sample use case, you can’t define the PMA. In my opinion, this is backwards. By defining where you want to end up, it will help you to define the elements required to get there. By not defining the PMA, you run the risk of making the process more complicated than it needs to be. Also, just because you have defined the PMA does not mean that you can’t change your mind. This should be a spiral development process, not a linear one.

o Gail: This is the most interesting observation of all. On the one hand, we have not taken a use case through all of the steps of the PMRM. We have collectively done a great job at exercising the architecture and design portions of the PMRM. I found that I was able to produce far more detailed architecture and design guidance via my PMRM exercise than I gave or was given by major privacy experts/consultants. However, we have not yet well demonstrated translating the design into privacy controls and privacy services that resonate with those responsible for technical implementations. Given this observation, perhaps the PMRM group might consider Diana's spiral development process (which I do support in general) and move forward with a spiral development process for the first half of the PMRM and a more linear process for the second half of the PMRM. Once the full life cycle of the PMRM is established, then the full PMRM might be further developed in a spiral process.