There are several features & functions that PMT brings to an organisation. From the point of implementation, there are several achievements that are realisable within its first quarter of operation. One of the first challenges an organisation faces is the creation and dissemination of Privacy Policy and procedures to all its business units and key points of contact. PMT can enable the effective creation and dissemination of the Privacy policies and procedures in 4 weeks through its organisation chart. This forms the foundation of the PMT and the basis upon which the privacy regime is built.
2. Privacy Management tool
Contents
Overview ................................................................................................................................................. 3
What does the tool do? .......................................................................................................................... 4
Privacy Policy Management module....................................................................................................... 7
SAR and FOI Dashboard .......................................................................................................................... 7
Information Asset Register ..................................................................................................................... 8
Incident register ...................................................................................................................................... 8
Risk Register ............................................................................................................................................ 9
Audit calendar ....................................................................................................................................... 10
Contact details ...................................................................................................................................... 10
www.dataprotectionofficer.com info@dataprotectionofficer.com
3. Privacy Management tool
Overview
There are several features & functions that PMT brings to an organisation. From the point of
implementation, there are several achievements that are realisable within its first quarter of
operation.
One of the first challenges an organisation faces is the creation and dissemination of Privacy Policy
and procedures to all its business units and key points of contact. PMT can enable the effective
creation and dissemination of the Privacy policies and procedures in 4 weeks through its
organisation chart. This forms the foundation of the PMT and the basis upon which the privacy
regime is built.
A quick overview of the Privacy Management tool (PMT) is as follows:
www.dataprotectionofficer.com info@dataprotectionofficer.com
4. Privacy Management tool
What does the tool do?
Privacy Requirement PMT PMT function
capable
Implementing corporate Policy management – cross organisational view,
policies and procedures Policies and disseminated across the enterprise. Group
Policies are mapped to Local policies and to
Procedures.
Develop Corporate Privacy
Policies &Procedures ““
Provide strategic guidance
to corporate officers
regarding information ““
resources and technology.
Provide leadership in the
planning, design and
evaluation of privacy and ““
security related projects
Corporation’s Notice of
Information practices ““
Conducting educational Organisation chart – represents every Business unit
programs for business including your 3rd parties and partners.
units and clients
Auditing and administering Audit – the module allows External and Internal
privacy program reviews Auditors to conduct audits against business units or
enterprise. All Audit non compliances are reported
against a Policies or Information Assets.
Leadership for privacy Management team & Project engagement - The
program for Assets and management team is setup to oversee the entire
projects enterprise, a central management team will have
visibility of Information Assets and risks.
The project engagement module aligns with your
organisations Project management cycle to ensure that
each project is risk assessed and the assessment
includes a Privacy impact assessment.
Monitor systems
development and ““
operations for security and
privacy compliance
Counsel relating to Partner register & ISA – Policy is disseminated to all
business partner Contracts 3rd parties and partners, Information Sharing
Agreements (ISA) with the 3rd parties and partners are
also included in the Privacy framework.
Handling (acquisition and Information Asset Register (IAR) – The IAR is
management) of completed by each business unit and it includes its risk
Information Assets; assessment of each Information Asset. It also includes
an ISA as well as the partner that the Information Asset
www.dataprotectionofficer.com info@dataprotectionofficer.com
5. Privacy Management tool
is disclosed to. Each business unit will be able to keep
their records up to date whilst the management team are
given visibility.
All incidents and Audit non compliances recorded
against each Asset is also displayed on the dashboard.
Use and disclosure of
Information Assets ““
Access/Inspection/Copying ““
of information Assets
Amendment/correction of
Information Assets ““
Accounting of Disclosure
““
Record-keeping
Procedures ““
Administrative Procedures Subject Access Request dashboard – Admin checks,
validity checks are carried out and monitored. All
requests are logged, tracked and monitored for
responses. It also caters for Attorneys acting on behalf
of subjects
Individual requesting
access who is the subject ““
of the protected
Information Asset
Power-of-attorney/legal
authority ““
Disclosure required by
other laws and ““
enforcement in day to day
practices
Financial institution non-
routine transaction ““
requests
Judicial and administrative
proceedings ““
Research-related requests
““
Mitigate effects of a use or
disclosure of Information
Asset by members of the
entity’s workforce or ““
business partners.
Resolve allegations of non-
compliance with the
corporate privacy policies
or notice of information ““
Practices
Government data systems IAR – each Information Asset is classified in
for specific classes of accordance with the CESG classification guidelines.
information Each asset is also given a risk rating.
www.dataprotectionofficer.com info@dataprotectionofficer.com
6. Privacy Management tool
Report on a periodic basis Report module – creates a report on all the various
regarding the status of the aspects of the Privacy monitoring tool.
privacy program to the
Board, CEO or other bodies
responsible Individual
Assist the Information Information Security – the information Security
Security Officers with the Department is included into the architecture and their is
development and a link into the PMT in the form of Compliance,
implementation of an Information Security Incident Management, Risk
information Governance Register,
infrastructure
Develop appropriate Incident & Risk Register & Audit non compliances –
sanctions for failure to all act as sources of issues, risks and problems within
comply with the corporate the Privacy regime. The management team will be able
privacy policies and to intercept the activities in the form of access to
procedures registers and capability to intervene and resolve them.
Development and
application of corrective ““
action procedures:
www.dataprotectionofficer.com info@dataprotectionofficer.com
7. Privacy Management tool
Privacy Policy Management module
SAR and FOI Dashboard
www.dataprotectionofficer.com info@dataprotectionofficer.com