Building a Privacy Risk Framework for Accountability Through PIAs

The headwinds of new regulation, more discerning consumers, and increased demands from the business are putting pressure on organizations to grow and evolve their privacy by design capabilities. The governance, process design, and technology underpinning privacy by design are central to its ability to proactively identify and mitigate privacy risks at the onset of new business initiatives.

If an organization is, for example, developing a new product, going through an M&A, or materially changing a business process, then privacy should be thoughtfully embedded in those processes. For this reason, the Privacy Impact Assessment (PIA) has emerged as the lynchpin for successful privacy by design programs, and for holistic data strategies. When designed well, PIAs can help manage business risk as well as unlock opportunities to build trust with the consumer or end user. Most importantly, PIAs can help sustain compliance with GDPR, LGPD, CCPA, and the growing list of global privacy laws. Essentially, the PIA can serve as the foundation for an organization to take accountability for its high-risk data.

Program takeaways:

  • How to build a PIA framework that can establish the accountability needed to help manage privacy risk.
  • Leading practices for creating PIAs/DPIAs in various environments.
  • How to create streamlined workflows to collaborate with data owners to fill out PIAs/DPIAs.
  • Approaches to mapping business processes and data flow for third-party data sharing and cross-border transfers.
  • How to identify and remediate high-risk data issues, including accessibility to external users.