Additional Program Considerations

Video Activity
3 hours 39 minutes
Video Transcription
Welcome to Module 2.7.
Additional program considerations. In this module we'll cover understanding funding benefits, understand program size based on organizational size, and learn how to build program awareness.
I included this module to ensure that we reinforced some of the elements we've already discussed, to help those who may be experiencing difficulty getting your program off the ground or getting funding, or potentially understanding how to future-proof your program by understanding the scale that your program needs to be moving forward. And maybe if you have concerns about building awareness.
Funding and budgeting considerations: exposure of gaps and procedures and workflow is something that your program may encounter as you collect information, and it may be important to ensure, from a prioritization standpoint, that any opportunity that is identified that needs to be closed up or viewed as it pertains to how PI flows through your organization is included within the expense of running your program.
Greater security for all stakeholders is something that your program may help potentially fund, or could get funds from another initiative within your organization. Again, culture typically drives this; industry drives this. If you're already in a regulated industry, there should be probably very little you would have to do from a security standpoint, whether it's data transfer or physical movement throughout a facility.
But if you're in an organization that doesn't necessarily have a lot of security controls in place, this may be an area that you can share that responsibility with those stakeholders.

Reduction in financial liability, regulatory risk: as you go through this exercise of building your program, you may find that there could be a financial benefit by reducing liability, whether it's a reduction in insurance liability, or maybe there have been risks or fines previously, and you're starting a program because of regulatory mishaps at the organization. And you can include the potential savings there within your program.

Reduction in incident and breach related costs: if you've gone through an incident investigation or a breach, maybe it's easy to quantify the fines that have incurred, but it's not necessarily easy to quantify the soft costs associated with conducting those investigations. What expense did the organization incur as it related to those functions? If you're able to reduce that expense, that may be a way to either streamline that with software or eliminate them altogether, hopefully head that direction. So you can use that expense as a way to fund your organization moving forward.
And then preservation of brand is also important. If you have a marketing department, or you have stakeholders or executives who understand the value of the brand and the potential impact that a breach could have on that brand. Maybe you have some associations you can work forward to see what type of, maybe, a reduction in stock value or reduction in revenue or profit after a breach occurred. You can discuss with them and you can provide that data to your analysis to determine, if you make a certain investment, you can potentially avoid an expense moving forward, or a drop in value of your brand, by having a privacy program that's well run. So those are some funding and budgeting considerations for you.

Organization model, responsibilities and reporting: for large organizations, typically they'll have a chief privacy officer, a privacy manager, they'll have analysts, business leaders or liaisons, and they'll have first responders. And first responders are the individuals who, I would like to say, in the event there's an incident, that they are well trained in regard to responding to those types of incidents. In some large organizations, it's not feasible for a chief privacy officer to either fly out or get physically involved in every type of incident. Those first responders are going to be key when it comes to data gathering and helping the organization mitigate the risk.
Small organizations may have a data protection officer or an individual who has responsibilities included with another role. This is where your organization may not be large enough to have the funds or the means or the need to have an individual who is solely responsible for a privacy program. However, maybe you have an executive or someone, a manager, who is doing a great job in one area and you want to ask them to take this responsibility on. That may be necessary for a small organization, to have a shared role.

It's important, regardless of the role, to have a point of contact internally and externally. Internally, when you talk about point of contact, depending on your organization setup, it's important to make sure that you understand who is ultimately responsible for privacy inquiries internally, as well as externally for consumers or past employees or stakeholders that may need to get in touch with those who run your privacy program. Maybe that external access or contact information goes directly to a committee or to some sort of help desk type workflow, but regardless, it should be easy for individuals internally and externally to understand who to contact in the event there is a concern.
Professional competence requirements and measure is something that's also important. Well, we talked about the job descriptions, and whether some of those job descriptions require someone to have either a four-year degree, or maybe they require a certification. It's important to understand how you're going to grow the knowledge base within your privacy program and how you measure that growth. As we understand, in the privacy world, regulations and legislation change often. So it's important to make sure you're understanding how individuals are spending their time keeping their professional competency up to speed.

For those of you who are attorneys, or those of you who know physicians, continuing education requirements are necessary to maintain your license or your practice. And that is very similar to a lot of organizations issues that have certifications now that require continuing, ongoing, sort of continuous education to keep a certification or license up to speed. So it's important to make sure you have included professional competency requirements and how you're going to measure those within your program to ensure that you are going to mature your program, and if you've got a plan to mature your program long term.
Awareness is incredibly important for your program. Creating awareness of privacy program internally and externally is important: showing a great accountability; identify, catalog and maintain documents, having that what I call point of truth for the documents associated within your program; create external and possibly internal website where individuals can obtain information on your program; ensure contact information is easy to obtain for all stakeholders, is incredibly important for the awareness and visibility of your program.
Quiz question: The best role for a large multibillion dollar organization to oversee all privacy matters is a or an:
Chief privacy officer.
In this module, we covered how to fund your program. We discussed various considerations of program reach due to organizational size, and we also discussed how to improve the awareness of your privacy program.