Risk-based Privacy Maturity Model

Ki Consulting
IT Management Advisory
www.kiconsulting.ca
Ki Consulting Risk-Based Privacy Maturity Model (RPM)
The model describes an organization's privacy maturity along three tracks (Business Tools, Risk Measurement & Control, Implementation); within each track, the numbered levels run from least to most mature.

Business Tools

  0. Forms
     Documents and forms related to privacy

  1. Procedures
     Some procedures and knowledge present throughout the organization

  2. Policy
     Several privacy documents, which may not be consistent with each other
     Breach reporting and notification process
     Privacy FAQ

  3. Process
     A consistent, defined process to document, track, and report on incidents/breaches
     A knowledge base of privacy resources, laws, and standards

Risk Measurement & Control

  0. Feedback
     General feedback or complaints from the public

  1. Checklists
     Checklists developed to ensure that measures recommended by the privacy commissioner are in place

  2. Issue Management System
     Tracking system for privacy incidents, complaints, and updates to personal information

  3. Mitigation Planning
     An action plan to mitigate issues identified in assessments or audits

  4. Risk-based
     Objective risk metrics are used to quantify, evaluate, and report on privacy risks
     All data use, retention, and disclosure is subject to risk validation

Implementation

  0. Chaotic
     No process for implementing practices

  1. Initial
     Responsibility for privacy is held by a staff member with minimal privacy training
     Some information on privacy practices is available to the public

  2. Active
     There is a privacy officer
     Assessments are carried out, but recommendations are not implemented
     Contracts with data recipients/service providers include privacy requirements
     Regular internal communications (e.g., privacy newsletters)
     Privacy policy available to the public

  3. Performance management
     Privacy training used to improve performance
     Performance measurement related to data releases
     Follow-up and reporting on implementation of risk mitigation plans
     Executive reporting using privacy performance indicators

  4. Governance
     A developed privacy program is appropriately staffed to create or deliver business tools, implement risk control and measurement, and follow up on implementation
     A privacy working group oversees privacy activities and ensures implementation across all lines of business