Secrets to Success! Accountability in Global Organizations. Marisa Rogers & Jenifer Garone, Microsoft Ruby Zefo, Intel

Size: px

Start display at page:

Download "Secrets to Success! Accountability in Global Organizations. Marisa Rogers & Jenifer Garone, Microsoft Ruby Zefo, Intel"

Rodger Flowers
5 years ago
Views:

2 Secrets to Success! Accountability in Global Organizations Marisa Rogers & Jenifer Garone, Microsoft Ruby Zefo, Intel

3 AGENDA Accountability at the top Accountability across the business Assessments & Reporting Gaining Buy-In for Resources Remediation & Incident Response

4 PRIVACY ACCOUNTABILITY FROM THE TOP Tone from the top vs. Privacy Security.

5 PRIVACY ACCOUNTABILITY ACROSS THE BUSINESS Policies, Tools & Training vs.

6 PRIVACY ACCOUNTABILITY AT MICROSOFT Microsoft governs its privacy program using the hub & spoke model, with the corporate privacy team and Privacy Managers, Leads, & Champs in the organizations across the company. The hub, Trustworthy Computing, is responsible for: Policies, Standards & Procedures (PSPs) Training Tools Reporting Capacity Comms Sales & Marketing Services TwC Privacy Engineering Groups The spokes are responsible for implementation and compliance with PSPs. IT HR, Finance, Legal

7 BRINGING A MATRIXED ORGANIZATION TOGETHER Engineering Groups Business Groups Corporate Functions Services Privacy Managers Privacy Leads Sales & Marketing TwC Privacy Engineering Groups Privacy Champs IT HR, Finance, Legal

8 TwC Privacy BRINGING A MATRIXED ORGANIZATION TOGETHER Engineering Groups Business Groups Corporate Functions Privacy Managers Privacy Leads Privacy Champs Privacy Managers Privacy Leads Privacy Champs Privacy Managers Privacy Leads Privacy Champs Privacy Steering Committee Privacy Councils (e.g. marketing, advertising, enterprise, vendor) Privacy Committees (e.g. training, career development, controls)

9 Business Privacy Manager PRIVACY ROLES Scenario: Business is working with MSIT SBU to create, design, deliver applications & tools. Requirements Testing Go/No Go Deployment Review Approve Attest Consult Validation Test Plans UAT Attend Vote Review Approve Certify Consult Validation MSIT Privacy Manager Requirements Risk Mitigation Deployment Operate&Maintain Issue Resolution Consultation Validation Consultation Approve Attest Consultation Validation Risk Assessments SLT Reporting Contract Reviews Exceptions Policies&Standards Consultation Validation Escalations TwC Privacy Requirements Risk Mitigation Deployment Operate&Maintain Issue Resolution Consultation Exceptions Policies&Standards Act as Business Privacy manager when gap exists MSIT and Business Privacy jointly approach TwC for guidance Consultation Consultation PERFs Consultation Exceptions Policies&Standards Consultation Validation Escalations MSIT and Business Privacy jointly approach TwC for guidance

10 PRIVACY TOOLS PAM PAGO review tool IMS Incident & Inquiry management tool Contacts Tool Coverage report by org PrivPub EGRC Archer Streamlined Risk Assessment (SRA)

11 PRIVACY TOOLS HOW DO I HANDLE AN EXCEPTION REQUEST?

QUIZ - TONE AT THE TOP If you have something that you don t

first place. You have zero privacy anyway. Get over it.

12 QUIZ - TONE AT THE TOP If you have something that you don t want anyone to know maybe you shouldn t be doing it in the first place. You have zero privacy anyway. Get over it. In reality, we wouldn't share your information in a way you wouldn't want... The trust you place in us as a safe place to share information is the most important part of what makes this work.

13 ASSESSMENTS/METRICS REPORTING Everyone can do some metrics! Yes, you.

14 EXAMPLE ASSESSMENT: PRIVACY ACCOUNTABILITY Key: Green = Completed; Yellow = In Process; Red = At Risk

Privacy Policies Accountability Identify and Classify Incident and Breach Response Notice Use Access & Accuracy Training Privacy by Design 3rd party transfer International transfer Retention &

15 Privacy Policies Accountability Identify and Classify Incident and Breach Response Notice Use Access & Accuracy Training Privacy by Design 3rd party transfer International transfer Retention & Disposal Security Subsidiary EXAMPLE PRIVACY MATURITY ASSESSMENT Current Status Current = ~2 Status Goal State = 2 Goal = 3 State = 3 High 5 - Optimized 4 - Managed 3 Defined x Recommended minimum for processing XYZ data x 2 - Repeatable x x x x x x Low 1 Ad hoc x x

16 Creating a PAM Assessment EXAMPLE PRIVACY IMPACT ASSESSMENT Policy Approval Manager 16

17 EXAMPLE PRIVACY PROGRAM METRICS Metrics via Score carding

18 EXAMPLE PRIVACY PROGRAM METRICS Org Engagement - June 2013 Privacy Review volume - YOY

19 EXAMPLE PRIVACY PROGRAM METRICS Volume YTD July Aug Sept Oct Nov Dec Jan Feb Mar April May June Privacy Program Monitoring Privacy Inquiries/Reviews

20 OBTAINING RESOURCES What do all these have in common?

21 REMEDIATION & INCIDENT RESPONSE

22 MANAGING INCIDENTS

23 KEY TAKEAWAYS Privacy as a business enabler Measure, measure, measure people do what they re measured on Leveraging like-minded roles Have a privacy elevator pitch!

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant