© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.


1 Privacy Management for a Global Enterprise
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Tomas Sander, Secure Systems Lab, HP Labs Princeton, tomas.sander@hp.com

2 What is privacy
For corporations, privacy is about:
−The application of laws, policies, standards and processes by which “personally identifiable information” of individuals is managed.
−For global companies, this requires the ability to manage the complex local/global regulatory environment as well as their own company’s related privacy policies and practices.
Company positions vary:
−Liability based model
−Avoid reputation risk
−View good privacy as a way to enhance trust in their brand
−Accountability based approach: include ethical principles in business decision making

3 (chart) Source: Ponemon Institute

4 Challenge
Include good privacy decision making in all your business processes

5 Example: Privacy issues in Outsourcing
Excessive media scrutiny
Continuous reassurance required by customers and government agencies on data protection
Risks and liabilities
−Significant volumes of privacy sensitive data processed
−Large number of staff required in data processing
−Contractual liabilities
−Reputation risk!!

6 Privacy concerns during BPO deal life cycle
Deal Pursuit: privacy concerns
−High level assessments, e.g.:
−Deal spoilers / show stoppers
−Transborder data flow issues
−Assessment of privacy risk and indication of need for detailed legal clearance
Due Diligence: privacy concerns
−Detailed analysis of applicable privacy requirements
−Determination of which responsibilities are HP’s and which are the customer’s
−Determination of privacy related clauses, disclaimers etc. to be put in the contract
−Identification of technical components to be put into the solution
−Identification of privacy related cost drivers
−Levels of privacy protection required for the solution
Contract
−The contract is created and negotiated from the guidelines of the due diligence stage and the contract is signed
Transition: privacy concerns
−Specifications of technical and procedural guidelines
−Determination of what needs to be done
−Training of employees
Ramp Up: privacy concerns
−Measurement of effectiveness of technical and procedural privacy measures
−Continuous improvement
Go Live: privacy concerns
−Monitoring
−Reporting
−Ongoing compliance checking
−Prevention of privacy violations
−Incident Management

7 Privacy in outsourcing
From a compliance team’s perspective
−Technical point solutions address only a small part of the problem
−Tools that are missing today: tools that support (practical) privacy management, i.e. that make it possible to manage privacy requirements, activities and controls
HP Labs, in cooperation with the HP Privacy Office and the HP BPO Business Unit, has built a tool that
−Takes as input data specifying a particular BPO deal
−Outputs the requirements, advice, warnings and controls which apply in the specified scenario
The tool is deployed within HP BPO

8 Problem 1
Create a formal policy language framework, so that the output is at a “medium” level of detail and is understandable and actionable for human users. It should allow one to
−Model security and privacy relevant activities and controls
−Model business processes at the appropriate level of detail
−Translate higher level policies and regulatory requirements into actionable chunks

9 Problem 2: Add Accountability - what does it mean?
Liability-Based:
−Privacy Laws & Regulations
−Case Law Interpretation, Codes of Conduct, Safe Harbor, Contracts
Accountability-Based:
−Assertions, Promises, Policies
−Ethics- and Values-driven Considerations & Decision Making

10 Problem 3
Provide decision support for privacy and security in corporate settings
Policy Effectiveness
−e.g. (mathematical) modeling of the behavior of systems and networks and also the users of systems, both internal (operators, staff) and external (customers, regulators), in the context of security policies and protocols
Operations and Assurance
−including finding meaningful, measurable, and actionable metrics that can be leveraged to evaluate the risk exposure of an enterprise as well as to decide how well security and governance decisions are performing operationally
Developing deeper insights into how the economics of security can be modeled in an enterprise

