![Page 1: DATA GOVERNANCE AND PRIVACY PROGRAM MANAGEMENT WITH RSA ... · Regional Business Director | RSA Archer Integrated Risk Management james.fong@rsa.com M (65) 8533 1395 Leader in the](https://reader031.vdocuments.mx/reader031/viewer/2022011908/5f5e1d466e44d2393d04e761/html5/thumbnails/1.jpg)
DATA GOVERNANCE AND PRIVACY PROGRAM MANAGEMENT WITH RSA® ARCHER® SUITE
WHO IS AFFECTED?
Anyone processing personal data!
Personal information refers to any information whether recorded in a material
form or not, from which the identity of an individual is apparent or can be
reasonably and directly ascertained by the entity holding the information, or
when put together with other information would directly and certainly identify
an individual.
Data Protection Act 2012
WHAT IS EXPECTED OF US?
THE RISK CHALLENGE
RISK & COMPLIANCE
IT SECURITY & PRIVACY
CEO / BOARD
MALICE
MANDATES
MODERNIZATION
1st Line of Defense
BREACH READINESS
• 55%: Lack capability to gather data across their estate and provide centralized alerting
• 40%: Do not have an active vulnerability management program in place
• 30%: Do not have a formal incident response plan in place
RSA Threat Detection Effectiveness Survey
…LEAD TO RISK IN THE BUSINESS
• Unresolved issues
• Inaccurate insights & misinformation
• High costs & inefficiency
• Holes & gaps
• Disconnected data & lack of context
• Poor business decisions
WHAT’S NEEDED TO CLOSE THE GAP?
WHERE DO YOU START?
• Understand what personal data you process
• Where is it and how is it used
• User should always be first
• Privacy at every level
• Mitigation plan
• Risk Management review
• Incident detection and response planning
WHO IS RESPONSIBLE FOR PRIVACY?
DATA RISK MANAGEMENT
DATA PRIVACY
• Privacy combines elements of Security, Compliance, and broader Data Risk Management considerations.
• Each respective area, function, and process has a role in ensuring that sensitive corporate information is appropriately protected.
INSPIRE EVERYONE TO OWN RISK
FOUR KEYS TO DATA PRIVACY PROGRAM
Breach Response
Primary objective: Detect and respond to the threat before a breach occurs, but if a breach does occur, you need to know the details and exact impact.
Data Governance
Primary objective: Know where data is in the enterprise and who has access, and implement controls in data processing activities.
Risk Assessment
Primary objective: Establish a risk assessment process to ensure controls are appropriately designed and implemented.
Compliance Management
Primary objective: Establish a compliance program to ensure controls are effective and operational.
THE PROVEN PATH TO TAKE COMMAND OF RISK
A GRC STRATEGY TO MANAGE DATA PRIVACY
GRC SOLUTION
• Compliance: Manage regulatory and corporate obligations
• Third Party Management: Manage vendor and outsourced parties
• IT Security: Protect business assets
• Business Resiliency: Manage breaches / disruptions
Operational Risk Management
Third Line of Defense
Audit
Risk Management
Enterprise Risk Management
CISO
LOB Executives
CXO
Board
CAE
Business Operations
3 Lines of Defence Model
A GRC STRATEGY TO MANAGE DATA PRIVACY
Compliance
• Policy Management
• Controls Assurance
Audit
• Audit Program
Third Party Governance
• Risk Based vendor Management
• 3rd Party Compliance monitoring
Risk Management
• Catalog of Sensitive Information Assets and related devices
• Business Hierarchy
• Risk Assessments and Reporting
Issues Management
• Handling of Findings and Exceptions
• Remediation planning
• Escalation Workflow
Breach Management
• Data Breach process
• Handling of Data Subject Rights processes
A GRC STRATEGY TO MANAGE DATA PRIVACY
DATA PROTECTION LAWS OF THE WORLD
Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.
Singapore Personal Data Protection Act 2012 (PDPA)
DLA Piper: global law firm
James Fong
Regional Business Director | RSA Archer Integrated Risk Management
M (65) 8533 1395
Leader in the Gartner Magic Quadrant for:
- Integrated Risk Management
- Operational Risk Management
- IT Risk Management
- IT Vendor Risk Management
- Business Continuity Management & Planning
Archer®
QUESTIONS?