Building an effective Privacy Compliance Program

Focus & Features

Privacy has become a central theme of our times and we, as individual citizens, all have common interest in it. The heart of the matter is that we want the information we share about ourselves- private information that personally identifies us- to remain in good hands.

To become an effective Compliance Officer/ Internal Auditor, the main objectives of this training are as follows:

• Become familiar with the basic privacy principles, concepts and background
• Understand why Privacy is important in enforcement activity, incident management and laws and regulations
• Begin to understand your obligations when processing Personal Information under your control
• Develop a privacy compliance program for your company to ensure compliance with laws and regulations.

Through team exercises, group discussions, case studies, and lectures, attendees will gain a foundation of knowledge that will allow Compliance Officers and Auditors to properly prepare for and conduct a successful audit. A basic understanding of the roles of risks and internal controls in data privacy will also be stressed, along with interpersonal and team-building skills.\

What You Will Learn

Introduction to Privacy

• Evolution of Privacy
• Definition of Personal Information
• Types of Personal Information
• Privacy as a Process
• Privacy Principles
• Relationship of Information Security with Data Privacy
• Influence on Data Privacy

Privacy Legal Framework

• Development of Legal Mandates
• Different Approaches to Privacy Laws Across the Global
• Understanding your Organization's Legal Requirements
• Gramm-Leach Bliley Act
• Health Insurance Portability and Accountability Act (HIPAA)
• Children's Online Privacy Protection Act
• Fair Credit Reporting Act
• CAN-SPAM
• Introduction to General Data Protection Regulation (GDPR)
• Introduction to Philippine Data Privacy Act
• Evolution of Privacy

Define Organization's Mission Statement, Objectives and Strategies

• Develop a privacy mission statement and strategies
• Develop Goals and Objectives
• Define metrics to measure success
• Prioritizing work based on risk

Assemble your Privacy Team

• Determine the most effective structure
• Create the right combination of experts
• Offering career paths to your privacy team
• Obtaining Professional Certification

Building a Policy Framework

• Mapping data across the organization
• Locating data about employees
• Identifying customer data
• Identifying client-owned data
• Defining co-owned data
• Establishing responsibility for data
• Classifying data
• Create your Privacy Statement or Policy
• Keeping the Privacy Statement or Policy current

Training and Communication

• Building the case for Education and Training
• Developing Training
• Delivering the Training
• Extending training through Communications
• Measuring and Communicating Training Results
• Educating the Enterprise
• Non-disclosure Agreements and Confidentiality Notices reinforce Privacy Training
• Training for Global Management of Privacy

Operate the Privacy Compliance Program

• Making It Happen: A Three-Step Cycle
• Step 1: Assessing Current Privacy-Related Environment
• Step 2: Addressing the Gaps and Improving the Program
• Step 3: Monitoring and Compliance Auditing for Continued Success
• Typical Task of a Privacy Office
• Conducting Privacy Risk Assessments
• Privacy Impact Assessments
• Assessing Risks in Using Third Parties
• Privacy-Related Legal Requirements for Third Parties
• Managing Privacy Complaints
• Developing an Incident Response Plan
• Handling Data Breach Notification Process

Test and Improve the Privacy Compliance Program

• Leveraging Internal Audits in Privacy Governance
• Forging Relationships with Internal Auditors
• Enabling Privacy Self-Assessments
• Providing Compliance checklists for Self-Assessments
• Conducting Business Unit Privacy Risk Assessments

Specific Provisions in accordance with Philippine Data Privacy Act (R.A. 10173)

• Appointment of Data Protection Officer
• Registration of Data Processing Systems
• Data Breach Notification Requirements

Seminar Conclusion

• Plan for Action

Who Should Attend

Data Protection Officers (DPO), Compliance Officers, Information Security Officers, Internal Auditors