[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for Preparedness and Prevention

Learn actionable steps to provide a high-level plan for implementing a privacy program in conjunction with your existing organizational RIM/IG program(s).

Want to follow along with the webinar replay? Download it here for FREE: https://info.aiim.org/data-privacy-for-the-im-practitioner-practical-advice-for-preparedness-and-prevention

Published in: Technology

  1. Underwritten by: #AIIM Your Digital Transformation Begins with Intelligent Information Management. Data Privacy for the IM Practitioner: Practical Advice for Preparedness and Prevention. An AIIM Webinar presented February 26, 2020.
  2. Today’s Speakers
     • Kevin Craine: Content Strategist, AIIM; Host of AIIM On Air
     • John Montaña, J.D., FIIM, FAI: VP, Information Governance at Access; CEO, Montaña & Associates, an Access Company
     • Host: Theresa Resek, CIP: VP, Market Intelligence, AIIM
  3. Introducing our Speaker: Kevin Craine, Content Strategist, AIIM; Host of AIIM On Air
  4. Driving Demand for Data Privacy
     • Data privacy is on the mind of C-Suite leaders in all industries.
     • No organization is safe from potential cyber theft and intrusion.
     • In 2019, 2.7 billion identity records were exposed by hackers and placed for sale on the internet.
     • Legislation worldwide has become increasingly strict.
     • Expectations are ever-evolving.
     • Perception is everything in the eyes of the market.
  6. Volume, Velocity, and Variety
     • Organizations anticipate the volume of information will grow from X to 4.5X in the coming year.
     • Over 60% of that information sprawl is unstructured.
     • Organizations are embracing technologies and approaches that automate governance and compliance.
     • According to AIIM research, 51% of organizations say that they are planning to spend “more” or “a lot more” on information governance over the next 18-24 months.
  7. Inevitable and Costly
     • Experts tell us that the question is not IF it will happen, but WHEN.
     • The chances of being struck by lightning = one in a million.
     • The chances of organizations getting hacked this year = one in four.
     • The average total cost of a single data breach is estimated at nearly $4 million.
     • That calculation can certainly be much higher – legal expense, fines, and penalties; the loss of goodwill in the market.
  8. Recommendations
     • Implement a formal approach.
     • Have a plan and stick to it.
     • Regularly (annually) review, evaluate, and update your plan as needed.
     • Place the privacy and security of information on the front burner of strategic concerns.
  9. Introducing our Speaker: John Montaña, J.D., FIIM, FAI, VP, Information Governance at Access; CEO, Montaña & Associates, an Access Company
  10. You say that Legislators don't understand how large companies work. What do you mean by that?
  11. Legislation is Created in a Silo
     • Just knowing what’s there – it’s a lot of law, in a lot of places
     • Outright conflicts – minimum retention requirements versus maximum permissible retention
     • Interpreting dated or vague laws
     • IT configuration – how to make it all work in a big IT environment
     • Administrative complexity – how to manage dozens or hundreds of unique requirements
  12. What are some of the considerations that IIM pros must deal with that legislators miss in the mix?
  13. Considerations for Applying Privacy Legislation: Applying Legislation to Today… Taking into Account Yesterday…
     Legislation was written without consideration for:
     • Back file of old IT systems and physical boxes of records
     • Most IT systems available when the laws were written are not capable of applying law
     • Even if capable, they are often not configured in a manner that supports being compliant
     • Non-compliant implementations are difficult to undo
  14. Let’s talk about specific steps to build an effective privacy plan. You say it’s important to start with a thorough understanding of the current capabilities within the enterprise. Isn’t that just more “analysis paralysis?”
  15. Utilize Project Management Principles
     1. Develop a clearly written initial project scope / charter / documentation
     2. Develop a high-level project roadmap / framework
        • What industry / data types you are trying to apply “privacy” to
        • What is the information life-cycle for PII / SI?
        • Establish a timeline with realistic milestones
        • Regularly adjust / incorporate PIA findings
     3. Clearly establish roles / responsibilities – decision rights
        • Chief Privacy Officer (CPO) / Data Protection Officer (DPO)
        • Privacy Office (PO)
     4. Develop a communication / marketing plan
     5. Prepare a budget
  16. Now that I’ve surveyed the technical environment... what’s next? What are some steps to build a meaningful project plan?
  17. Building the Privacy Program: Core Components Review
     • Create inventory of Personal Information Banks (PIBs)
     • Develop staff education and awareness training and collateral and Communication plan
     • Post Privacy Policy and Principles on the organization’s website
     • Develop Privacy Notice signage and arrange for posting in relevant areas (such as those with video capture)
     • Actually apply the retention schedule and purge data that is not needed
     • Do not collect unnecessary data that is not required or contains PII
  18. Once I have a plan, I’ve got to sell it... not only to company executives, but also other stakeholders (regulatory boards). Can you outline some success tips for gaining support and buy-in?
  19. Building Relationships with Stakeholders
     Stakeholders are ALL Staff / Third Parties / Customers that contribute, come in contact with or are affected by PII / SI
     • Customers
     • Shareholders
     • Steering Committee
     • Assurance Groups – Legal, Audit, Compliance, Risk
     • HR
     • Operations – Sales, Marketing, R&D, Field Workers etc.
     • Chief Privacy Officer (CPO) / Data Protection Officer (DPO)
     • Third-Parties / Contractors
     • Regulatory Agencies
     • Privacy Office (PO)
     • Board of Directors / Executive Team
     • IT
  20. What about getting front-line workers onboard to adapt and use new and changed systems and policies?
  21. Privacy Training
     Appropriately Train ALL staff and Third-Parties
     • Train the trainer
     • Executives are not exempt
     Types of training
     • CBT
     • Live / In-person
     • Manuals / Guides
     • Workshops
     Do not overcomplicate
     • Keep language simple / keep cultural differences in mind
     Market your privacy program
     • Recognize top performers
     Frequency of the training
     • Annual
     • New Hire
     • Incident Based
     • Third party / Contractor
     Test the Privacy Incident Response Plan
     • Send out mock phishing emails
     • Where is more training needed
     • Log results – training & testing
     Everyone who belongs to, or works with, an organization is responsible to protect the PII / SI of the company and associated stakeholders!
  22. One thing that is certain, the rate of change is not going to slow down. How can we design our privacy programs so that they will be flexible and adapt to changes in regulations, technologies and market expectations?
  23. Preparing for the Only Constant: Change (slide graphic labels: Change, Legislation)
  24. How Organizations Can Successfully Move Forward
     • Level Set Expectations
     • Understand Current Capabilities
     • Make Your Case
     • Change Is Your Only Constant
  25. Copyright © 2020 Access - Confidential
  26. AccessCorp.com, 877-345-3546. John Montaña, Vice President, Information Governance, john.montana@montana-associates.com
  27. #AIIM Your Digital Transformation Begins with Intelligent Information Management