Privacy Communities: How To Build Them And Drive Awareness

Upload: co3-systems

Post on 18-Nov-2014


Privacy Communities

How To Build Them And Drive Awareness

Agenda

• Introductions
• Participants
  • Steering Committee
  • Champions
• Awareness
  • Privacy Week
  • Training
  • Newsletters
• Q&A

Co3 Automates Breach Management

PREPARE

Improve Organizational Readiness
• Assign response team
• Describe environment
• Simulate events and incidents
• Focus on organizational gaps

REPORT

Document Results and Track Performance
• Document incident results
• Track historical performance
• Demonstrate organizational preparedness
• Generate audit/compliance reports

ASSESS

Quantify Potential Impact, Support Privacy Impact Assessments
• Track events
• Scope regulatory requirements
• See $ exposure
• Send notice to team
• Generate Impact Assessments

MANAGE

Easily Generate Detailed Incident Response Plans
• Escalate to complete IR plan
• Oversee the complete plan
• Assign tasks: who/what/when
• Notify regulators and clients
• Monitor progress to completion

About PRIVACY REF

PRIVACY REF provides privacy program services for SMBs
• PRIVACY REF helps SMBs create, refine, and manage their privacy programs
• PRIVACY REF helps SMBs increase revenues by ensuring that you meet customer privacy and security requirements
• PRIVACY REF helps SMBs avoid expenses by avoiding the data loss, fines and brand damage that can be devastating to any business
• PRIVACY REF helps SMBs comply with regulations by employing best practices for handling customer and employee data while maintaining focus on your core business
• PRIVACY REF provides enterprise-caliber policy and program development and implementation that fits SMB budgets.

PRIVACY COMMUNITIES

Privacy Program Awareness

Some common challenges

• Limited privacy resources
• Geographically distributed operations
• Varying organizational characteristics
  • Business processes
  • Regional / Departmental culture
• “Reinventing the wheel”
• Information flow

Community

A group sharing common characteristics or interests and perceived or perceiving itself as distinct in some respect from the larger society within which it exists

The Steering Committee

• Charter
  • Define direction for the privacy program
  • Provide guidance on initiatives
  • Review and approve policy proposals
• Comprised of Senior Executives
  • Information Technology
  • Legal
  • Human Resources
  • Finance
  • Marketing

Privacy Community

• The Privacy Community shares …
  • Local perspectives
  • Concerns / Solutions
  • Programs
  • Ideas
  • Artifacts
• Membership is unrestricted
• Members are referred to as Privacy Champions

Privacy Champions

• Requirements
  • Passion for privacy
  • Willing to drive initiatives within their team and/or business unit
  • Work for your company
• Recruiting
  • Existing privacy contacts
  • Nominees from the Steering Committee
  • Direct invitations
  • Volunteers
  • Champions recruit champions

Privacy Community Meetings

• Welcome
• Comments from a Steering Committee member
• Champion perspectives
• Update from the Privacy Team
• Open discussion of a current issue
• Recognition

Recognition

• Focus on someone who supports privacy in any role
• Tangible reward
  • Gift card
  • Award
  • Gift (i.e. encrypted USB drive)
• Public recognition
  • Endorsement by recipient’s management team
  • Award at a Privacy Community meeting
  • Intranet
  • Newsletters

AWARENESS

Privacy Awareness – How Are We Doing?

Source: Ponemon Institute

Privacy Week

• Annual, company-wide event
• Training / share information
• Create a buzz
• Give champions a chance to shine
  • Privacy Presentations
  • Privacy fairs

Privacy Week

• Kicked off by senior leadership
  • Video
  • Coffee talks
• Webinars
  • Repeated to address time zone issues
• Local presentations
• Get IAPP involved
  • CIPP Exams
  • IAPP KnowledgeNets

Privacy Week Resources

• Privacy Community owns Privacy Week
• Privacy team provides coordination
• Privacy Community defines content
• Presenters and Fair participants
  • Privacy Champions
  • Vendors
  • Recognized privacy leaders
  • Internal teams
• The Privacy Game

Privacy Week Publicity

• Posters
• Emails
  • C-level executive to the company
  • Steering Committee members to their teams
• Rename cafeteria menu items
  • PII Pasta Salad
  • Encrypted Eggplant Parmesan
  • Firewall Fried Chicken

Global Data Privacy Day

• Celebrated January 28th
• Single topic focus
• Webinars
• Local presenters
• Cafeteria menu items renamed

Training

• New hire training
  • Addressed by local HR teams
  • Hiring manager ultimately responsible
• Core training from the Privacy Team
  • Enterprise-wide Privacy Policies
  • PCI 101
  • HIPAA 101
• Targeted training from the Privacy Team
  • Upon request
  • In response to an event

Newsletters & Blogs

• Privacy Blog
  • Subjects are of general interest
  • Available on the intranet
  • Weekly publication
  • Written by the Privacy Team
• Local newsletters
  • Subjects internally focused
  • Tip of the month
  • Local stories
  • Driven by Privacy Champions

Other Contacts

• Privacy Mailbox
  • Multiple regional instances
  • Think about anonymous reporting abilities
• Fly-bys
• HQ Visitors
• Posters
• Positive reminders
• “Something went wrong”

QUESTIONS

One Alewife Center, Suite 450

Cambridge, MA 02140

PHONE 617.206.3900

WWW.CO3SYS.COM

“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”

PC MAGAZINE, EDITOR’S CHOICE

“Co3…defines what software packages for privacy look like.”

GARTNER

“Platform is comprehensive, user friendly, and very well designed.”

PONEMON INSTITUTE

Bob Siegel

[email protected]

www.privacyref.com

888-470-1528 x801

508-474-5125

@PrivacyRef