Metrics for Success: Quantifying the Value of the Privacy Function


December 8, 2016

Privacy Insight Series - truste.com/insightseries

TRUSTe Inc., 2016

Today's Speakers

Deidre Rodriguez, Director, Corporate Privacy Office, Anthem, Inc.
Marcus Morissette, Global Privacy Officer, eBay
Kevin Trilli, SVP Product, TRUSTe


Privacy Metrics and Dashboard
Kevin Trilli, SVP Product, TRUSTe


Agenda

Speaker Intros
Metrics and Privacy Organization
Categories and types of Metrics
Building / establishing a Monitoring Program
Challenges and Recommendations


Privacy Metrics


Purposes and Categories of Metrics

Target Audience                     Audience   Purpose
Privacy Officer / Privacy Manager   Internal   Program development; organizational management
Executives / BOD                    Internal   Communicate overall risk posture; resource requests
Auditors / Regulators               External   Demonstrate program accountability and effectiveness; transparency


CPO/Privacy Manager: Program Establishment, Evolution and Budgeting

Initial stage is strategy planning and development
    Requires selecting and planning a set of program activities
    Establish required set of resources

On-going management
    Program and goal management
    Resource utilization
    Gaps / program maturity velocity


Example: Privacy Program Management


CPO/Privacy Manager: Operational Management

Inbound inquiries to privacy team (tickets/advice/projects)
    % utilization

Policies under management
    Reflective of external and internal laws, regs and policies; shows scope

Assets under management
    Data processing applications and systems

Projects (risk assessments, PIAs, etc.)
    #, state, aging, response time
    Risk issues identified and remediated

Incidents (breach, data release, reg inquiries)
    #, type and risk levels, remediation plan

All are mapped to each BU to show status across the enterprise
    Includes HR, IT and Marketing functional groups as needed
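The operational metrics listed on this slide (project count, state, aging, response time, risk issues identified vs. remediated, incidents by type and risk level, all mapped to a BU) can be computed from a ticket export with a few lines of code. The following is an added example, not code from the speakers or from TRUSTe; the record fields, the business-unit names and the sample tickets are constructed for illustration.

```python
"""Operational privacy metrics mapped to business units (BUs), computed from a
constructed sample of project tickets (PIAs / risk assessments) and incidents.
Record fields and sample values are assumptions for this example, not the
speakers' actual data model."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Optional


@dataclass
class Project:
    ticket: str
    bu: str                       # business unit the work maps to
    kind: str                     # "PIA" or "risk assessment"
    opened: date
    closed: Optional[date] = None
    state: str = "open"           # open / in review / closed
    risks_identified: int = 0
    risks_remediated: int = 0


@dataclass
class Incident:
    ref: str
    bu: str
    kind: str                     # breach / data release / regulatory inquiry
    risk: str                     # low / medium / high
    remediation_plan: bool = False


AS_OF = date(2016, 12, 8)  # reporting date used for aging (constructed)

# Constructed sample tickets; dates chosen to exercise open and closed work.
PROJECTS = [
    Project("P-101", "HR", "PIA", date(2016, 9, 1), date(2016, 9, 29), "closed", 3, 3),
    Project("P-102", "Marketing", "PIA", date(2016, 10, 3), None, "in review", 2, 0),
    Project("P-103", "Marketing", "risk assessment", date(2016, 11, 8), None, "open", 0, 0),
    Project("P-104", "IT", "risk assessment", date(2016, 8, 15), date(2016, 10, 14), "closed", 5, 4),
    Project("P-105", "IT", "PIA", date(2016, 11, 28), None, "open", 1, 0),
]
INCIDENTS = [
    Incident("I-1", "Marketing", "data release", "medium", True),
    Incident("I-2", "IT", "breach", "high", True),
    Incident("I-3", "HR", "regulatory inquiry", "low", False),
]


def project_metrics(projects, as_of=AS_OF):
    """Per BU: count, state distribution, aging of open work (days since opened),
    response time of closed work (days from open to close) and risk issues
    identified vs. remediated."""
    by_bu = defaultdict(list)
    for p in projects:
        by_bu[p.bu].append(p)
    out = {}
    for bu, items in by_bu.items():
        open_items = [p for p in items if p.closed is None]
        closed_items = [p for p in items if p.closed is not None]
        identified = sum(p.risks_identified for p in items)
        remediated = sum(p.risks_remediated for p in items)
        out[bu] = {
            "count": len(items),
            "state": dict(Counter(p.state for p in items)),
            "avg_aging_days": round(mean((as_of - p.opened).days for p in open_items), 1) if open_items else 0,
            "avg_response_days": round(mean((p.closed - p.opened).days for p in closed_items), 1) if closed_items else 0,
            "risks_identified": identified,
            "risks_remediated": remediated,
            "remediation_rate": round(remediated / identified, 2) if identified else None,
        }
    return out


def incident_metrics(incidents):
    """Per BU: count, incidents by type and by risk level, and how many have a remediation plan."""
    by_bu = defaultdict(list)
    for i in incidents:
        by_bu[i.bu].append(i)
    return {
        bu: {
            "count": len(items),
            "by_type": dict(Counter(i.kind for i in items)),
            "by_risk": dict(Counter(i.risk for i in items)),
            "with_remediation_plan": sum(i.remediation_plan for i in items),
        }
        for bu, items in by_bu.items()
    }


def enterprise_view(projects, incidents, as_of=AS_OF):
    """One row per BU so status can be compared across the enterprise."""
    pm, im = project_metrics(projects, as_of), incident_metrics(incidents)
    rows = {}
    for bu in sorted(set(pm) | set(im)):
        p, i = pm.get(bu, {}), im.get(bu, {})
        rows[bu] = {
            "open_projects": sum(v for k, v in p.get("state", {}).items() if k != "closed"),
            "avg_aging_days": p.get("avg_aging_days", 0),
            "open_risks": p.get("risks_identified", 0) - p.get("risks_remediated", 0),
            "incidents": i.get("count", 0),
            "high_risk_incidents": i.get("by_risk", {}).get("high", 0),
        }
    return rows


if __name__ == "__main__":
    for bu, row in enterprise_view(PROJECTS, INCIDENTS).items():
        print(bu, row)
```

Aging is measured against a fixed reporting date rather than `date.today()` so that a dashboard snapshot is reproducible and two runs on different days can be compared; the per-BU rows are what the slide calls mapping metrics to each BU.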

Example: Risk Assessment and Remediation Metrics


Executive / BOD

Privacy Program Overview / Budgeting
    Program to Goal (%)
    Overall resource allocation
    Budget justification

Risks
    Incidents
    Regulatory enquiries
    Related fines/investigations (vertical)

Heat Map


External Reporting

Derived from internal metrics/dashboard, but may need sanitizing
Have ready on-demand to demonstrate program
Ideal: technological system of record that can grow and aggregate project by project
    Maintained for data integrity

Basics:
    Database of data processing assets (#, classified by risk) with metadata
    Construction of key data transfers (EU, APEC)
    Consumer metrics (inquiries/disputes and resolution paths)

Needs to be accompanied by evidence/documentation


Example: Asset Inventory characterized by risk


Where to Start


Starting a Monitoring Program

First socialize with stakeholders / execs
Determine what matters most / scope
Prioritize to get started
Assess current capabilities


Starting a Monitoring Program

Document your privacy program plan to get ready
    Will you need to develop emails or templates for use during monitoring (announcement emails, SharePoint sites created, who will be responsible for what)?
    Determine where you will store data and who will have access
    Are there callouts/disclaimers that need to be added to metrics?

When will metrics be produced, and by whom?
    Stagger monitoring so that it will not create negative impact for the business
    Understand any reporting/monitoring that may be done in the business that will have potential impact
    Write a desktop procedure for how everything will happen, A to Z

Communicate across the broader organization



Beginning to Monitor

Identify lead that will be responsible for monitoring a specific piece of work

Put everything on the calendar
    Date you will start sending requests to business
    Date you will analyze data
    Date that you will document findings
    Date you will review metrics
    Date that you will release metrics
    Date corrective action plans will be due
    Any ongoing follow up or re-monitoring to ensure issue has been adequately addressed

Keep leadership informed of roll out and any changes to program that may impact them


Continuing to Grow Monitoring Program


Growing Monitoring Program

Continue to monitor risks and what matters most
Identify plan to grow program
    What will be monitored next and why
    Doing it by risk is easiest to explain
Continue to lobby for resources to expand program

Continue to collect feedback on metrics

Document all findings and follow up on corrective action plans
    This enables you to show leadership the positive impact of your program (what were you able to find and correct)

Partner with Internal Audit

Roll up data by quarter and produce annual metrics
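The last two points on this slide, following up on corrective action plans and rolling quarterly data up into annual metrics, are straightforward to automate once findings are recorded with a found date, a due date and a closed date. The example below is added here and is not the speakers' or TRUSTe's code; the `Finding` record, the quarter key format and the sample findings are constructed assumptions.

```python
"""Quarterly and annual roll-up of monitoring findings and corrective action
plans (CAPs), plus the overdue list used for follow-up. Sample findings are
constructed for this example; field names are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Finding:
    ref: str
    bu: str
    risk: str                      # low / medium / high
    found: date                    # date the finding was documented
    cap_due: date                  # corrective action plan due date
    cap_closed: Optional[date] = None


AS_OF = date(2016, 12, 8)  # reporting date (constructed)

# Constructed findings covering on-time, late, overdue and not-yet-due CAPs.
FINDINGS = [
    Finding("F-1", "HR", "high", date(2016, 2, 10), date(2016, 3, 31), date(2016, 3, 20)),
    Finding("F-2", "IT", "medium", date(2016, 3, 2), date(2016, 5, 1), date(2016, 5, 15)),   # closed late
    Finding("F-3", "Marketing", "low", date(2016, 5, 18), date(2016, 7, 1), date(2016, 6, 30)),
    Finding("F-4", "IT", "high", date(2016, 8, 22), date(2016, 9, 30), None),                # overdue
    Finding("F-5", "HR", "medium", date(2016, 11, 3), date(2017, 1, 15), None),              # not yet due
]


def quarter_of(d):
    """Calendar quarter key, e.g. 2016-11-03 -> '2016-Q4'."""
    return f"{d.year}-Q{(d.month - 1) // 3 + 1}"


def summarize(items, as_of):
    """Metrics for one reporting period: findings by risk and CAP status."""
    by_risk = defaultdict(int)
    closed = on_time = overdue = pending = 0
    for f in items:
        by_risk[f.risk] += 1
        if f.cap_closed is not None:
            closed += 1
            if f.cap_closed <= f.cap_due:
                on_time += 1
        elif f.cap_due < as_of:
            overdue += 1          # open and past due: needs follow-up
        else:
            pending += 1          # open but not yet due
    return {
        "findings": len(items),
        "by_risk": dict(by_risk),
        "caps_closed": closed,
        "caps_closed_on_time": on_time,
        "caps_overdue": overdue,
        "caps_pending": pending,
        "on_time_rate": round(on_time / closed, 2) if closed else None,
    }


def rollup(findings, as_of=AS_OF):
    """Group findings by the quarter they were found, then by year for the annual view."""
    quarters, years = defaultdict(list), defaultdict(list)
    for f in findings:
        quarters[quarter_of(f.found)].append(f)
        years[str(f.found.year)].append(f)
    return {
        "quarters": {q: summarize(v, as_of) for q, v in sorted(quarters.items())},
        "annual": {y: summarize(v, as_of) for y, v in sorted(years.items())},
    }


def overdue_caps(findings, as_of=AS_OF):
    """References of open CAPs past their due date, oldest due date first."""
    late = [f for f in findings if f.cap_closed is None and f.cap_due < as_of]
    return [f.ref for f in sorted(late, key=lambda f: f.cap_due)]


if __name__ == "__main__":
    report = rollup(FINDINGS)
    for q, m in report["quarters"].items():
        print(q, m)
    print("annual", report["annual"])
    print("follow up:", overdue_caps(FINDINGS))
```

Keying the roll-up on the date a finding was documented (rather than the date its CAP closed) keeps a quarter's numbers stable after the quarter ends; the annual figures are then the same summary applied to the year's findings, so quarterly and annual views cannot disagree.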


Challenges and Takeaways


Challenges

How to do the actual job but also measure and document
Control of data sources that feed metrics
Dealing with aspects of privacy management that don't have easy metrics


Contacts

Deidre Rodriguez - Deidre.Rodriguez@anthem.com
Marcus Morissette - mmorissette@ebay.com
Kevin Trilli - ktrilli@truste.com


Thank You!

Details of our 2017 Winter/Spring Webinar Series will be available shortly.

See http://www.truste.com/insightseries for all the 2016 Privacy Insight Series and past webinar recordings.
