CONTENTS

Acknowledgments

Introduction

Chapter 1 Developing a Privacy Program

The Privacy Vision

Program Approaches

Privacy Objectives

Executive Sponsorship

Business Alignment

Establish a Data Governance Model

Data Governance

Privacy Governance

Establish a Privacy Program

Strategy Objectives

Risk Objectives

Strategy Resources

Privacy Program Strategy Development

Strategy Constraints

Structure the Privacy Team

Roles

Competency

Privacy Program Communications

Privacy Training and Awareness

Maintaining an Awareness Program

Chapter Review

Quick Review

Questions

Answers

Chapter 2 Privacy Program Framework

Develop the Privacy Program Framework

Privacy Charter

Developing Privacy Policies

Privacy Standards

Privacy Laws

Establishing Legal Basis for Processing

Establishing Legitimate Interest

Controls

Control Frameworks

Data Inventory

Data Classification

Data Use Governance

Implement the Privacy Program Framework

Building a Privacy Operation

Developing and Running Data Protection Operations

Developing and Running Data Monitoring Operations

Working with Data Subjects

Collecting Consent

Working with Authorities

Privacy Program Metrics

Risk Management Metrics

Data Subject Engagement Metrics

Data Governance Metrics

Program and Process Maturity

Performance Measurement

Resilience Metrics

Convergence Metrics

Resource Management Metrics

Online Tracking and Behavioral Profiling

Tracking Techniques and Technologies

Tracking in the Workplace

Tracking Prevention

Chapter Review

Quick Review

Questions

Answers

Chapter 3 Privacy Operational Lifecycle: Assess

Privacy Program Baseline

Process Maturity

Baselining Program Elements

Third-Party Risk Management

Cloud Service Providers

Privacy Regulation Requirements

TPRM Life Cycle

Physical Assessments

Assessing Processing Centers and Work Centers

Document Storage

Document and Media Destruction

Device Security

Mergers, Acquisitions, and Divestitures

Influencing the Transaction

Integrating Programs

Privacy Impact Assessments and Data Privacy Impact Assessments

Privacy Threshold Analysis

PIA Procedure

Engaging Data Subjects in a PIA

The Necessity of a PIA

Integrating into Existing Processes

Recordkeeping and Reporting

Risks Specific to Privacy

Privacy Threats

Privacy Countermeasures

Chapter Review

Quick Review

Questions

Answers

Chapter 4 Privacy Operational Lifecycle: Protect

Information Security Practices

Identity and Access Management

Technical Security Controls

Administrative Safeguards

Privacy and Security by Design

Integrating Privacy into Organization Operations

Information Security

IT Development and Operations

Business Continuity and Disaster Recovery Planning

Mergers, Acquisitions, Divestitures

Human Resources

Compliance and Ethics

Audit

Marketing

Business Development

Public Relations

Procurement and Sourcing

Legal and Contracts

Security and Emergency Services

Finance

Other Functions

Other Protection Measures

Data Retention and Archiving

Data Destruction

Data Sharing and Disclosure

Costs of Technical Controls

Chapter Review

Quick Review

Questions

Answers

Chapter 5 Privacy Operational Lifecycle: Sustain

Monitoring a Privacy Program

Business Process Monitoring

Privacy and Security Event Monitoring

External Monitoring

Control Self-Assessment

Auditing Privacy Programs

Privacy Audit Scope

Privacy Audit Objectives

Types of Privacy Audits

Privacy Audit Planning

Privacy Audit Evidence

Auditing Specific Privacy Practices

Chapter Review

Quick Review

Questions

Answers

Chapter 6 Privacy Operational Lifecycle: Respond

Data Subject Requests and Privacy Rights

Data Subject Requests

Working with Authorities

Privacy Incident Response

Incident Response Regulations

Phases of Incident Response

Privacy Incident Response Plan Development

Privacy Continuous Improvement

Chapter Review

Quick Review

Questions

Answers

Appendix A The Risk Management Life Cycle

The Risk Management Process

Risk Management Methodologies

NIST Standards

ISO/IEC 27005

Factor Analysis of Information Risk

Asset Identification

Hardware Assets

Subsystem and Software Assets

Cloud-Based Information Assets

Virtual Assets

Information Assets

Asset Classification

Data Classification

Asset Valuation

Qualitative Asset Valuation

Quantitative Asset Valuation

Threat Identification

Internal Threats

External Threats

Advanced Persistent Threats

Emerging Threats

Vulnerability Identification

Third-Party Vulnerability Identification

Risk Identification

Risk, Likelihood, and Impact

Likelihood

Impact

Risk Analysis Techniques and Considerations

Information Gathering

Qualitative Risk Analysis

Semiquantitative Risk Analysis

Quantitative Risk Analysis

OCTAVE

Other Risk Analysis Methodologies

Risk Evaluation and Ranking

Risk Ownership

Risk Treatment

Controls

Costs and Benefits

Appendix B About the Online Content

System Requirements

Your Total Seminars Training Hub Account

Privacy Notice

Single User License Terms and Conditions

TotalTester Online

Technical Support

Glossary

Index
