Auditing Data Privacy Risks

The Institute of internal Auditors Philippines, Inc.

The Institute of Internal Auditors (IIA) Philippines is a professional organization dedicated to the advancement of the internal audit profession in the country. Our members, who work in internal auditing, risk management, governance, internal control, information technology audit, education and security, came from various industry or sectors in the Philippines and belong to a global network of almost 200,000+ professionals from more than 170 countries and territories sharing a common vision of a global profession of internal auditing.

The Institute of Internal Auditors Philippines Inc. (IIAP) was registered with SEC in 1982 and formerly known as The Institute of Internal Auditors, Inc. – Manila Chapter. It was founded on August 14, 1948 by Mr. Santiago F. Dela Cruz Sr. along with a small group of accountants actively engaged in the profession. Mr. Dela Cruz, who is considered to be the moving spirit of the association, is the same man who, two years earlier than IIAP, co-established the Philippine College of Commerce and Business Administration (PCCBA) which we now know as the University of the East.

The IIAP despite some struggles during its formative years was able to attain full-fledged stature as a professional association upon earning its “Institute” status from The Institute of Internal Auditors (IIA Global) in 1990. At the time, IIAP is 1 of the 6 (six) chapters in the Pacific Region (others were in Bombay, Tokyo, Sydney, Melbourne and Ceylon). On its 75th Anniversary Celebration and Global Business Meeting last 16-17 July 2016 at New York Hilton Midtown, the IIAP was acknowledged as the 3rd Chapter organized by the IIA Global since the latter’s founding in 1941 still then headquartered in New York City, USA

Event Details

Focus and Features

Individuals and institutions are taking drastic measures to flatten the curve of COVID-19 infections, and these measures, while important, may threaten our recently recognized privacy rights.

Privacy is a risk management issue for businesses, governments, and nonprofit organizations. Consumers are concerned with how businesses and organizations use and protect this information. Business owners and management want to meet the needs and expectations of their customers, business partners, and employees; keep any commitments pursuant to contractual agreements; and comply with applicable data privacy and security laws and regulations.

To become an effective Internal Auditor, the main objectives of this training are as follows:

Understand why Privacy is important in enforcement activity, incident management and laws, rules and regulations,
Understand your obligations and ensure compliance with applicable laws and regulations when processing Personal Information and
Develop a privacy audit program that will enable you to identify and evaluate the key risks as well as come-up with recommendation on the improvement of your company's privacy compliance program.

Attendees will gain a foundation of knowledge that will allow them to properly prepare for and conduct a successful audit of the privacy compliance program.

What You Will Learn

I. Introduction to Privacy

What is Privacy?
Definition of Personal Information
Privacy Roles (Data subject, Data Controller, Privacy Officer, etc.)
Internal Auditing's Role in the Privacy Framework
Privacy Audit

II. AICPA/CICA Generally Accepted Privacy Principles (GAPP)

Management
Privacy Notice
Choice and Consent
Collection
Use, Retention and Disposal
Access
Disclosure to Third Parties
Security for Privacy
Quality
Monitoring and Enforcement

III. Privacy Risk Assessment

Significance and Likelihood of Privacy Risks
Privacy Heat Map (Risk Map) using GAPP Framework

IV. Audit Process

Engagement Planning
Performing Engagement
Communicating and Monitoring Audit Results

V. Case Studies

VI. Seminar Conclusion

Plan for Action

Speakers

Michael Cabatuando

ASPAC Privacy Compliance Head and Data Protection Officer at Johnson & Johnson

Mike is the ASPAC Privacy Compliance Head and Data Protection Officer for Johnson and Johnson. He is the ASPAC Privacy Compliance Head for Consumer and Corporate sector. He reports to the Chief Privacy Officer based at the headquarters of Johnson and Johnson at New Jersey.

He previously held various roles at the Global Finance Services (GFS) of Johnson and Johnson from Compliance Head of Manila Shared Service Center to Regional Compliance Manager supporting the Country Finance Centers (COEs) in ASPAC.

During his stint in the role, Mike is a recipient of the “Encore Platinum Award” (prestigious citation for J&J employee) for his excellent performance in documentation of Company’s processes and controls. He also led several initiatives for GFS such as establishment of the SOX Program, Compliance Training and System’s Access reviews (SSC Manila), Audit Readiness, Standard Operating Procedures, Document Control Matrices, Test Scripts and Consulting Reviews for Project Implementations.

The Institute of internal Auditors Philippines, Inc.

Contact us

Event Details

Speakers

Michael Cabatuando

Sponsors and Partners

Tickets

Member's rate

Non-member's rate

The Institute of internal Auditors Philippines, Inc.

Contact us

Auditing Data Privacy Risks

Event Details

Speakers

Michael Cabatuando

Sponsors and Partners

Organizer

Tickets

Member's rate

Non-member's rate