Privacy Governance (Governance, Management and Risk Management): 34%
- Identify the internal and external privacy requirements specific to the organization's governance and risk management programs and practices.
- Participate in the evaluation of privacy policies, programs, and policies for their alignment with legal requirements, regulatory requirements, and/or industry best practices.
- Coordinate and/or perform privacy impact assessments (PIA) and other privacy-focused assessments.
- Participate in the development of procedures that align with privacy policies and business needs.
- Implement procedures that align with privacy policies.
- Participate in the management and evaluation of contracts, service levels, and practices of vendors and other external parties.
- Participate in the privacy incident management process.
- Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development, and implementation of systems, applications, and infrastructure.
- Develop and/or implement a prioritization process for privacy practices.
- Develop, monitor, and/or report performance metrics and trends related to privacy practices.
- Report on the status and outcomes of privacy programs and practices to relevant stakeholders.
- Participate in privacy training and promote awareness of privacy practices.
- Identify issues requiring remediation and opportunities for process improvement.

Privacy Architecture (Infrastructure, Applications/Software and Technical Privacy Controls): 36%
- Coordinate and/or perform privacy impact assessment (PIA) and other privacy-focused assessments to identify appropriate tracking technologies and technical privacy controls.
- Participate in the development of privacy control procedures that align with privacy policies and business needs.
- Implement procedures related to privacy architecture that align with privacy policies.
- Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development, and implementation of systems, applications, and infrastructure.
- Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and considerations.
- Evaluate advancements in privacy-enhancing technologies and changes in the regulatory landscape.
- Identify, validate, and/or implement appropriate privacy and security controls according to data classification procedures.

Data Lifecycle (Data Purpose and Data Persistence): 30%
- Identify the internal and external privacy requirements relating to the organization's data lifecycle practices.
- Coordinate and/or perform privacy impact assessments (PIA) and other privacy-focused assessments relating to the organization’s data lifecycle practices.
- Participate in the development of data lifecycle procedures that align with privacy policies and business needs.
- Implement procedures related to data lifecycle that align with privacy policies.
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development, and implementation of systems, applications, and infrastructure.
- Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and data lifecycle considerations.
- Identify, validate, and/or implement appropriate privacy and security controls according to data classification procedures.
- Design, implement, and/or monitor processes and procedures to keep the inventory and dataflow records current.