Our Privacy Services include Privacy Impact Assessments, an Attestation Service, and a Governance Workshop.
Privacy Impact Assessments
1. What is a PIA?
A Privacy Impact Assessment (PIA) is a process meant to determine the amount of risk inherent in a particular proposed activity or product. The goal is to find the risk before it becomes an issue, taking a proactive role. This type of preemptive measure is best described in frameworks such as Privacy by Design.
2. Privacy Ref’s Hosted PIA
The Hosted PIA Service is both a cost-saving measure and an effective means to quickly implement privacy impact assessments for an organization. There are two components to this service: performing PIAs and administering the PIAs.
2.1 Performing PIAs
Once a new project or activity is launched, a PIA should be run. This should find any particular risks that this project poses to the organization or the data subject. Privacy Ref will help to run the PIA by working with the owners of the particular project, either a business group or individual at your organization. Privacy Ref will walk these individuals through the process to make sure questions are answered correctly.
The PIA will generate findings of potential risks and, where necessary, identify additional information that is required. Privacy Ref has created customizable feedback forms for record-keeping purposes. These act as a way to track PIAs as well as maintain records for regulatory purposes.
2.2 PIA Administration
Prior to performing a PIA, the actual survey will need to be set up. Privacy Ref will take this responsibility and make sure that PIA surveys are ready to go when needed.
Additionally, after a survey is completed, Privacy Ref will be able to analyze surveys or assessments to determine if further work is needed or risks need to be mitigated. Privacy Ref will also monitor the instance for new surveys or assessments that have been completed by individuals at your organization.
Once you have researched the laws and regulations you are required to meet, established your organization’s policies and procedures, and rolled out your privacy program to the organization, a couple of questions remain.
- How do you know the privacy program is working?
- How do you verify that policies and procedures in place are being adopted?
- How will you address the situation if they are not?
Privacy Ref’s Attestation Service implements a tailored privacy compliance program without the associated overhead to manage it. With this service, employees and third-party processors periodically attest to meeting their responsibilities, including providing supporting evidence. Privacy Ref will analyze the responses and then deliver easy-to-understand reports containing action-oriented steps to focus on filling any gaps in compliance. Privacy Ref will implement, manage, and maintain the whole system, allowing your privacy program to continuously evolve and improve while being assured compliance is being maintained.
Privacy Governance Workshop
Ensuring that your privacy team members are working in a common direction is fundamental to the success of your program. Whether you have a group of dedicated privacy professionals or a core team composed of part-time participants with other responsibilities, being clear about the goals, objectives, strategies, and activities to be undertaken is vital.
Privacy Ref’s Governance Workshop allows your privacy team to establish a common foundation for a privacy program and its related activities. If you are establishing a new privacy program or need to reground your current program, this workshop provides the opportunity to develop the foundational components for your privacy program. The Governance Workshop allows you to put privacy program management theory into practice. Activities include:
- Defining your mission/vision statement
- Defining your scope
- Identifying your participants and stakeholders
- Defining the privacy program activities
- Defining your extended team
- Mechanisms to measure compliance with your program
- Tools to estimate the cost of a data breach
- Methods to compare your program to industry standards
The Workshop can take place either in person or via video conferencing over two days. We recommend that privacy stakeholders from outside of your privacy team be invited to participate.