What Is A Privacy Management Program
Privacy is more than a policy that you place on your website assuming that nobody will read it. For businesses, privacy is a cultural factor; it is a business enabler. In the current state of things, privacy should be an elevated component of a business’s unique selling proposition.
Why Are We Even Talking About This?
Because it’s relevant. Now more than ever, your business will need a privacy management program. Given the reach of Quebec’s Bill 64, companies must prepare to prove compliance. Alongside other obligations, this Bill introduces privacy impact assessment requirements and privacy by design as a standard.
The concept of a privacy management program isn’t new. Back in 2012, the Privacy Commissioners of Canada, British Columbia, and Alberta released the guidance document “Getting Accountability Right with a Privacy Management Program”. Its purpose was to highlight what those regulators expected to find in a business’s privacy program. Their thought process focused on accountability, one of PIPEDA’s principles. Since then, privacy challenges have only increased.
What Is A Privacy Management Program?
A privacy management program is a set of mechanisms developed by an enterprise to enable privacy protection throughout the information lifecycle.
The mechanisms we alluded to above include, among others, an analysis of:
- Internal factors such as corporate culture, risk appetite, existing policies and procedures, contractual obligations, initiatives involving personal information, and the technologies employed by the organization.
- External factors such as the third parties who have access to the personal information you collect, the compliance baseline (laws, regulations, standards), and social perception at the time of developing the program strategy.
- Company-specific requirements: How does the privacy program fit within the overall strategy?