Privacy Management tool

Privacy Management tool Privacy Management Tool PMT www.dataprotectionofficer.com | Info@dataprotectionofficer.com www.dataprotectionofficer.com info@dataprotectionofficer.com Privacy Management tool Contents Overview ................................................................................................................................................. 3 What does the tool do? .......................................................................................................................... 4 Privacy Policy Management module....................................................................................................... 7 SAR and FOI Dashboard .......................................................................................................................... 7 Information Asset Register ..................................................................................................................... 8 Incident register ...................................................................................................................................... 8 Risk Register ............................................................................................................................................ 9 Audit calendar ....................................................................................................................................... 10 Contact details ...................................................................................................................................... 10 www.dataprotectionofficer.com info@dataprotectionofficer.com Privacy Management tool Overview There are several features & functions that PMT brings to an organisation. From the point of implementation, there are several achievements that are realisable within its first quarter of operation. One of the first challenges an organisation faces is the creation and dissemination of Privacy Policy and procedures to all its business units and key points of contact. PMT can enable the effective creation and dissemination of the Privacy policies and procedures in 4 weeks through its organisation chart. This forms the foundation of the PMT and the basis upon which the privacy regime is built. A quick overview of the Privacy Management tool (PMT) is as follows: www.dataprotectionofficer.com info@dataprotectionofficer.com Privacy Management tool What does the tool do? Privacy Requirement Implementing corporate policies and procedures Develop Corporate Privacy Policies &Procedures Provide strategic guidance to corporate officers regarding information resources and technology. Provide leadership in the planning, design and evaluation of privacy and security related projects Corporation’s Notice of Information practices Conducting educational programs for business units and clients Auditing and administering privacy program reviews Leadership for privacy program for Assets and projects PMT capable PMT function Policy management – cross organisational view, Policies and disseminated across the enterprise. Group Policies are mapped to Local policies and to Procedures. ““    ““  ““     ““ Organisation chart – represents every Business unit including your 3rd parties and partners. Audit – the module allows External and Internal Auditors to conduct audits against business units or enterprise. All Audit non compliances are reported against a Policies or Information Assets. Management team & Project engagement - The management team is setup to oversee the entire enterprise, a central management team will have visibility of Information Assets and risks. The project engagement module aligns with your organisations Project management cycle to ensure that each project is risk assessed and the assessment includes a Privacy impact assessment. ““ Monitor systems development and operations for security and privacy compliance Counsel relating to business partner Contracts Handling (acquisition and management) of Information Assets;    Partner register & ISA – Policy is disseminated to all 3rd parties and partners, Information Sharing Agreements (ISA) with the 3rd parties and partners are also included in the Privacy framework. Information Asset Register (IAR) – The IAR is completed by each business unit and it includes its risk assessment of each Information Asset. It also includes an ISA as well as the partner that the Information Asset www.dataprotectionofficer.com info@dataprotectionofficer.com Privacy Management tool is disclosed to. Each business unit will be able to keep their records up to date whilst the management team are given visibility. All incidents and Audit non compliances recorded against each Asset is also displayed on the dashboard. Use and disclosure of Information Assets Access/Inspection/Copying of information Assets Amendment/correction of Information Assets Accounting of Disclosure Record-keeping Procedures Administrative Procedures       ““ ““ ““ ““ ““ Subject Access Request dashboard – Admin checks, validity checks are carried out and monitored. All requests are logged, tracked and monitored for responses. It also caters for Attorneys acting on behalf of subjects ““ Individual requesting access who is the subject of the protected Information Asset Power-of-attorney/legal authority Disclosure required by other laws and enforcement in day to day practices Financial institution nonroutine transaction requests Judicial and administrative proceedings Research-related requests Mitigate effects of a use or disclosure of Information Asset by members of the entity’s workforce or business partners. Resolve allegations of noncompliance with the corporate privacy policies or notice of information Practices Government data systems for specific classes of information        ““ ““ ““ ““ ““ ““  ““  IAR – each Information Asset is classified in accordance with the CESG classification guidelines. Each asset is also given a risk rating. www.dataprotectionofficer.com info@dataprotectionofficer.com Report on a periodic basis regarding the status of the privacy program to the Board, CEO or other bodies responsible Individual Assist the Information Security Officers with the development and implementation of an information Governance infrastructure Develop appropriate sanctions for failure to comply with the corporate privacy policies and procedures Development and application of corrective action procedures: Privacy Management tool Report module – creates a report on all the various  aspects of the Privacy monitoring tool.  Information Security – the information Security Department is included into the architecture and their is a link into the PMT in the form of Compliance, Information Security Incident Management, Risk Register,  Incident & Risk Register & Audit non compliances – all act as sources of issues, risks and problems within the Privacy regime. The management team will be able to intercept the activities in the form of access to registers and capability to intervene and resolve them. ““  www.dataprotectionofficer.com info@dataprotectionofficer.com Privacy Management tool Privacy Policy Management module SAR and FOI Dashboard www.dataprotectionofficer.com info@dataprotectionofficer.com Privacy Management tool Information Asset Register Incident register www.dataprotectionofficer.com info@dataprotectionofficer.com Privacy Management tool Risk Register www.dataprotectionofficer.com info@dataprotectionofficer.com Privacy Management tool Audit calendar Contact details Ben Oguntala Ben.oguntala@dataprotectionofficer.com www.dataprotectionofficer.com 07812039867 www.dataprotectionofficer.com info@dataprotectionofficer.com