Additional Program Considerations

Time
3 hours 39 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:01
Welcome to Module 2.7.
00:03
Additional program considerations
00:07
in this module
00:08
we'll cover understanding funding benefits, understand program size based on organizational size
00:14
and learn how to build program awareness
00:18
included this module to ensure that
00:20
we reinforced some of the elements we've already discussed
00:24
to help those who may be experiencing difficulty getting your program off the ground or getting funding or potentially understanding how to uh
00:35
future proof your program by understanding the scale that your program needs to be moving forward. And maybe if you have concerns about building awareness,
00:49
funding and budgeting considerations,
00:51
exposure of gaps and procedures and workflow is something that your program may encounter as you collect information, uh and it may be important to ensure, from a prioritization standpoint that any opportunity
01:06
that is identified that needs to be closed up or viewed as it pertains to how PI flows. Your organization is included within
01:18
uh the expense of running your program.
01:21
Greater security for all stakeholders is something that your program
01:26
may help potentially fund or could get funds from another initiative within your organization. Again, culture typically drives this industry drives this. If you're already in a regulated industry, uh, there should be probably very little you would have to do from a security standpoint
01:44
whether it's data transfer or physical movement throughout a facility.
01:48
But if you're in an organization that doesn't necessarily have a lot of security controls in place, this may be an area that you can share that responsibility with those stakeholders. Reduction in financial liability, regulatory risk. As you go through this exercise of building your program, you may find that
02:07
there could be a financial benefit
02:09
by reducing liability, whether it's, uh, a reduction in insurance, uh, liability or maybe there have been risks or fines previously. And you're starting a program because of regulatory mishaps
02:28
at the organization. Uh, and you can include the potential savings there within your program, uh, reduction in incident and breach related costs. If you've gone through an incident investigation or a breach, uh, maybe it's under easy to quantify the
02:46
fines that have incurred, but it's not necessarily easy to quantify the soft costs associated with
02:52
uh conducting those investigations. What expense did it occur to the organization of the organization incur as it related to those functions? Uh, if you're able to reduce that expense, that may be a way to either streamline that with software or
03:10
eliminate them altogether,
03:12
hopefully head that direction. So you can use that expense as a way to fund your organization moving forward.
03:21
Uh and then preservation of brand is also important if you have a marketing department or you have stakeholders or executives understand the value of the brand and the potential impact that a breach could have on that brand. Maybe you have
03:38
some associations, you can work forward to see what type of
03:42
uh maybe a reduction in stock value or reduction in revenue or profit after a breach occurred. You can discuss with them and you can provide uh that data to your analysis to determine
03:58
if you make a certain investment, you can potentially avoid an expense
04:02
moving forward or a drop in value of your brand
04:08
by having a privacy program that's well run. So those are some funding and budgeting considerations for you
04:14
organization. Model responsibilities are reporting for large organizations. Typically they'll have a chief privacy officer, a privacy manager, they'll have analysts, business leaders or liaisons and they'll have first responders and first responders are the individuals who I would like to say in the event, there's an incident that they are well trained
04:33
in regard to responding to those types of incidents
04:38
in some large organizations. It's not
04:41
feasible for a chief privacy officer to either fly out or get physically involved in every type of incident. Those first responders are going to be key when it comes to data gathering and helping the organization mitigate the risk.
04:58
Small organizations may have a data protection officer or an individual who has responsibilities included with another role. Uh this is where your organization may not be large enough to have
05:09
the funds or the means or the need to have an individual who is solely responsible for a privacy program. However, uh maybe you have an executive or someone, a manager who is uh doing a great job in one area and you want to ask them to take this responsibility on
05:26
uh that may be necessary for a small organization to have a shared role. It's important regardless of the role, to have a point of contact internally and externally
05:35
internally, when you talk about point of contact, depending on your organization's setup, it's important to make sure that you understand who is ultimately responsible for privacy inquiries internally as well as externally for consumers or past employees
05:54
or stakeholders that may need to get uh
05:57
in touch with those who run your privacy program. Maybe that external access or contact information goes directly to a committee or to some sort of help desk type workflow, but regardless, it should be easy for individuals internally and externally to understand who to contact in the event there is a concern,
06:18
uh, professional competence requirements, uh and measure is something that's also important. Well, we talked about the job descriptions and whether some of those job descriptions require someone to have either a four-year degree or maybe they require a certification.
06:35
It's important to understand how you're going to grow the knowledge base within your privacy program and how you measure that growth as, as we understand in the privacy world, regulations and legislation change often. So it's important to make sure you're understanding how individuals are spending their time, keeping their professional competency
07:00
up to speed. Uh, for those of you who are attorneys or those of you who know physicians, continuing education requirements are necessary to maintain, uh, your license or your practice. And that is very similar to a lot of organizations issues that have certifications now
07:19
that require continuing, ongoing, uh, sort of, uh, continuous education to keep a certification or license up to speed. So it's important to make sure you have included professional competency requirements and how you're going to measure those within your program to ensure that you
07:39
are going to mature your program.
07:41
And if you've got a plan to mature your program, long term
07:45
awareness is incredibly important for your program. Creating awareness of privacy program internally and externally is important showing a great accountability, identify, catalog and maintain documents having that. What I call point of truth for the documents associated within your program,
08:03
create external and possibly internal website where individuals can obtain information on your program,
08:07
ensure contact information is easy to obtain for all stakeholders is incredibly important for the awareness and visibility of your program
08:16
Quiz question: The best role for a large multibillion dollar organization to oversee all privacy matters is a or an
08:24
chief privacy officer
08:28
in this module.
08:30
We covered
08:31
how to fund your program.
08:33
We discussed
08:35
various considerations of program reached due to organizational size and we also discussed how to improve the awareness of your privacy program.