Build a Data Privacy Program

Take out data privacy’s grey areas with a quantitative approach to your program.

  • Data privacy is increasingly on the tip of our tongues, regardless of company size or industry.
  • With impending regulatory frameworks looming, business and IT leaders find themselves scrambling to ensure that all bases are covered when it comes to data privacy.

Our Advice

Critical Insight

  • Take a quantitative approach to data privacy.
  • Use metrics and a risk-based approach to drive a privacy framework that not only supports compliance but also considers the custom needs of your organization.

Impact and Result

  • Sell privacy to the business by speaking a language they understand. IT and InfoSec leaders need to see privacy as not just compliance but also a driver of business efficiency.
  • Integrate and build by developing a program that:
    • Promotes freedom of information and access to this information.
    • Establishes privacy and security standards with respect to access of this information.

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should take a quantitative approach when building your privacy program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Collect privacy requirements

Identify the driving forces behind the privacy program and begin to assign ownership across the organization.

2. Conduct a privacy gap analysis

Understand where personal data lives and how it is handled throughout its lifecycle. Assess your current privacy maturity and begin to identify gaps.

3. Build the privacy roadmap

Identify priority gaps within your current privacy practices and begin to allocate quantifiable cost and effort values to move toward target privacy maturity.

4. Implement and operationalize

Ensure that your program is actionable by selecting relevant metrics and making them operational to support the ongoing development of privacy in the organization.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

Overall Impact: 9.3/10

Average $ Saved: $12,744

Average Days Saved: 25

| Client | Experience | Impact | $ Saved | Days Saved |
|---|---|---|---|---|
| Colorado Housing And Finance Authority | Workshop | 9/10 | N/A | 14 |
| Packaging Machinery Manufacturers Institute | Guided Implementation | 9/10 | $12,399 | 2 |
| Platte River Power Authority | Workshop | 10/10 | $34,099 | 100 |
| OCM Boces / Central New York Regional Information Center | Guided Implementation | 8/10 | N/A | N/A |
| The Regional Municipality of Peel | Guided Implementation | 9/10 | $2,000 | 5 |
| Bermuda Monetary Authority | Workshop | 9/10 | N/A | N/A |
| St. Cloud State University | Guided Implementation | 10/10 | $2,479 | 2 |
| Jet Support Services, Inc. | Guided Implementation | 10/10 | N/A | N/A |
| British Columbia Transit | Guided Implementation | 9/10 | $25,000 | 10 |
| PKF O'Connor Davies | Guided Implementation | 10/10 | N/A | N/A |
| Tandem CIO | Guided Implementation | 9/10 | $5,085 | 5 |
| Marshall University | Guided Implementation | 10/10 | $2,548 | 5 |
| Seaboard Corporation | Guided Implementation | 10/10 | $12,399 | 10 |
| Duquesne University | Guided Implementation | 10/10 | N/A | N/A |
| Synergy Credit Union | Workshop | 10/10 | N/A | N/A |
| Pekin Insurance | Guided Implementation | 10/10 | $127K | 80 |
| Heartland Co-op | Guided Implementation | 8/10 | N/A | N/A |


Onsite Workshop: Build a Data Privacy Program

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Collect Privacy Requirements

The Purpose

  • Understand the key drivers behind privacy in your operating context and begin to assign ownership.

Key Benefits Achieved

  • Level-setting between IT and the business with respect to privacy best practices.
  • High-level understanding of risk associated with personal data collected by the organization.

| Activities | Outputs |
|---|---|
| 1.1 Define and document program drivers. | Business context and drivers behind privacy program |
| 1.2 Establish privacy governance structure and define scope. | |
| 1.3 Build privacy RACI chart. | Privacy RACI chart |
| 1.4 Build the risk map. | |

Module 2: Conduct a Privacy Gap Analysis

The Purpose

  • Connect with each of the business units with respect to current privacy practices and gain insight into how personal data is handled throughout the organization.

Key Benefits Achieved

  • Alignment with business unit privacy champions
  • Understanding of current state of privacy in the organization
  • Uncovered gaps in the organization’s privacy practices

| Activities | Outputs |
|---|---|
| 2.1 Conduct interviews and complete Data Mapping Tool. | Data Mapping Tool draft |
| 2.2 Compare compliance and regulatory requirements with current privacy practices of the organization. | Mapped privacy control gap areas to relevant privacy laws, frameworks, or industry standards |
| 2.3 Identify gap areas. | |
| 2.4 Review the DPIA process and identify whether threshold assessment or full DPIA is required. | Optional: Walk-through of DPIA tool |

Module 3: Build the Privacy Roadmap

The Purpose

  • Ensure that the privacy program is functional and caters to the environment assessed over days 1 and 2 by building a custom-fit privacy initiative implementation roadmap.

Key Benefits Achieved

  • Quantitative prioritization of each of the privacy gap closing initiatives
  • High-level initiative implementation roadmap

| Activities | Outputs |
|---|---|
| 3.1 Complete business unit gap analysis; consolidate inputs from day 2 interviews. | |
| 3.2 Apply variables to privacy initiatives. | Privacy Framework Tool |
| 3.3 Create a visual privacy roadmap. | Privacy roadmap and prioritized set of initiatives |
| 3.4 Define and refine the effort map; validate costing and resourcing. | |

Module 4: Implement and Operationalize

The Purpose

This portion of the workshop ensures that the privacy program can be put into action and moves beyond static policies to foster the integration of privacy metrics across the organization.

Key Benefits Achieved

A full set of privacy metrics, as well as tactics to implement and monitor on an ongoing basis.

| Activities | Outputs |
|---|---|
| 4.1 Review outputs from days 1-3. | Completed Privacy Roadmap; Completed Data Mapping Tool; Review of any outstanding privacy collateral (Privacy Notice, Data Protection Policy, etc.) |
| 4.2 Review Info-Tech’s privacy metrics and select relevant metrics for the privacy program. | Privacy Program Report document |
| 4.3 Operationalize metrics. | |
| 4.4 Input all outputs from days 1-3 into the Data Privacy Report. | |
| 4.5 Summarize and build an executive presentation. | |
| 4.6 Set checkpoints and drive continuous improvement. | |

Module 5: Next Steps and Wrap-Up (Offsite)

The Purpose

Ensure privacy program is functional and any final aspects are included in the report back to senior leadership team.

Key Benefits Achieved

Strategic alignment of the privacy program and its objectives with those of the business and senior leadership.

| Activities | Outputs |
|---|---|
| 5.1 Consolidate and schedule any outstanding business unit interviews. | |
| 5.2 Complete in-progress deliverables from previous four days. | |
| 5.3 Set up review time for workshop deliverables to discuss next steps. | |
| 5.4 Operationalize metrics. | |

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.


What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Try Our Guided Implementations

Get the help you need in this 4-phase advisory process. You'll receive 8 touchpoints with our researchers, all included in your membership.

Guided Implementation #1 - Collect privacy requirements
  • Call #1 - Scope requirements, drivers, objectives, and challenges.
  • Call #2 - Build out privacy ownership using the RACI chart.

Guided Implementation #2 - Conduct a privacy gap analysis
  • Call #1 - Review results of data process mapping business unit interviews.
  • Call #2 - Delve into the Privacy Framework Tool to identify and evaluate gaps.

Guided Implementation #3 - Build the privacy roadmap
  • Call #1 - Determine cost and effort ratio of gap initiatives.
  • Call #2 - Build out additional privacy collateral (notice, policy, etc.).

Guided Implementation #4 - Implement and operationalize
  • Call #1 - Review standard privacy metrics and customize for your organization.
  • Call #2 - Establish and document performance monitoring schedule.

Contributors

  • Alan Tang, Security Professional
  • Salvador Barragan, Director of Records & Information Governance, Pekin Insurance