Building a Privacy Infrastructure

To ensure a successful privacy program at your company, you should assemble a team of people focused on privacy. The fact that you are building a privacy team and making an effort in this area will help to earn your customers' trust. Your privacy team can benefit your company in the following ways:

  • By building a privacy strategy for your company

  • By creating a privacy training program

  • By creating a consistent message for the public

  • By responding effectively to privacy issues raised against your company

  • By ensuring compliance with privacy statutes when

    • Building Web sites

    • Creating applications

    • Handling personal data

Depending on the size of your company, you might want to have a Chief Privacy Officer (CPO) and a privacy advocate in each major group. Your company should get involved in privacy conferences and join at least one privacy organization. The Council of Chief Privacy Officers (http://www.conference-board.org/search/dcouncil.cfm?councilsid=173) is one such organization that could benefit your company.

Figure 22-2 provides an example of how a privacy organization could be developed within a company. The CPO reports to a corporate executive and leads a team of people responsible for developing and executing the corporate privacy strategy. Each major group in the company has a privacy advocate who works closely with the CPO to ensure that the privacy message is spread consistently across all groups in the company.

Figure 22-2. A privacy organizational chart.

The Role of the Chief Privacy Officer

The CPO is the person who is ultimately responsible for the corporate privacy vision and execution strategy. The CPO should have executive sponsorship and the authority to enforce the company's privacy policy across all groups. The CPO should be current on all privacy legislation that might impact your company and should at least monitor the evolution of privacy across the industry. In a company developing products and services, you don't want to lag behind your competitors when it comes to building products that enable privacy protection. In this regard, the CPO should work with each development team so that they understand their responsibility in protecting data and so that appropriate reviews are completed before any product is released.

The Role of the Privacy Advocate

The privacy advocate plays a major role in disseminating the CPO's privacy vision. He should also be prepared to formalize this vision into an action plan that is tailored for the team on which he works. In general, the privacy advocate will be responsible for the following types of tasks:

  • Training his team on the importance of privacy

  • Assisting with the creation of privacy statements

  • Assisting with the design of privacy features

  • Ensuring that privacy is part of each design specification sign-off

  • Heading the post-development privacy review for each component

  • Assisting in the resolution of any privacy issues that might involve the team



Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2001
Pages: 286
