What is Privacy and It's Governing Principles?

What is Privacy and It's Governing Principles?

Privacy is key concern for customer's, people's  and employee's confidence. Privacy governance enables companies to expand their business scope across various geographies in compliance with geographical privacy regimes. Having a strong privacy safeguards deployment also enables adoption of various technologies including cloud technology for business expansion. There are multiple channels like web, social media , instant messaging , partner networks through which organizations are trying to understand customer’s purchasing habits and present the related service and product to them. In this process companies  are collecting lot of customer personally identifiable (PII) data without understanding the implication of incorrect use of this data and having loose protection controls. Organizations needs to follow the basic privacy principle while dealing with privacy data. Largely accepted privacy principles are from Organization for Economic Cooperation and Development (OECD).  So, let us understand what exactly is meant by privacy and governing privacy principles.  

What is Privacy?

The definition of privacy varies depending on social and cultural issues, stakeholder interests, and application context.

Popular privacy definitions include “the right to be let alone” by Justice Louis D Brandeis, focusing on freedom from intrusion, and  “the right to informational self-determination”, allowing individuals to control, edit, manage, and delete information about themselves and decide when, how and to what extent that information is communicated to others.

It recommends that following OECD Privacy Principles should be followed while designing their privacy governance initiative 

  1. Collection Limitation
  2. Data Quality
  3. Purpose Specification   
  4. Use Limitation                  
  5. Security Safeguards       
  6. Openness
  7. Individual Participation
  8. Accountability  

The rigor of privacy deployment depends on privacy requirements and cultural expectations. Following are the use cases where privacy governance needs to be considered 

  • If you are dealing with customer/employee personally identifiable information (PII), medical information. 
  • Rapid change of technologies like use of cloud , social media , mobile computing
  • Performing data analytics and planning to consider secondary use of personal information.
  • Planning to outsource your business function to third party or partners and sharing personal data with them for processing

Privacy governance function should be taken up by dedicated senior management person like privacy officer or privacy protection manager. Privacy committee should be established comprising of representative from senior management, business units, HR, Legal, IT, third party management. Privacy committee should closely interact with organization IT security organization.

Privacy Governance Approach

  • Privacy requirement gathering and planning to consider business requirements, applicable privacy regulations, PII data flow through various IT systems like web, CRM, HR system, e-mail, messaging , backup systems, social media .
  • Definition of Roles and responsibilities of privacy officers and privacy committee
  • Review exiting security, HR policies and enhance or create new policy to meet privacy requirements.
  • Conduct Privacy Impact analysis (PIA) your IT applications when new application is created or application is changed due to some business requirements or IT function is outsourced
  • Privacy training to employees and stakeholder including third parties 
  • Define privacy safeguarded and security controls , make decisions on privacy enhancing technologies like DLP, Data Masking, Encryption technologies  
  • Keep monitoring industry- and country-specific regulations developments
  • Keep monitoring privacy governance  initiative

Conclusion

Success of privacy program depends thoroughly upon understanding privacy domain, requirements, required privacy compliances and designing the privacy program based on well-known privacy principles and customizing these further as per the geo graphical or industry specific requirements.  Success also depends upon selection and deployment of appropriate policy and procedures and deployment appropriate privacy technology and then monitoring it.

Authored by Satish Kulkarni

Rate this article: 
0
No votes yet
Article category: 
Keywords: 

Comments

Thanks for the wonderful article on Privacy. Though I was aware of some aspects of it, it has enlightened me with Privacy specific aspects like OECD principle for Privacy Governance and the pointers mentioned under Privacy Governing Approach. Frankly, I was not aware of Privacy Impact Analysis (PIA) concept. Reading this article, has provoked me to read more about Data Privacy. 

As a practical matter, I believe we are seeing a shift in privacy expectations. For the older generation, it's "You can't have/shouldn't ask for my personal information". For the more techically-savvy and socially networked generation, there is a lot more willingness to share personal information to obtain the related features and benefits, but there is an expectation that those who gather their information will protect it adequately, as outlined in this article.

Pages