Privacy is the expectation that personally identifiable information (PII) will be used in a proper and appropriate manner. Privacy management deals with the protection of personally identifiable information and how the rights of the person providing the information are affected and enforced. The presentation will discuss how to incorporate privacy requirements into your overall enterprise and IT environment to build trust. It will focus on trends driving privacy requirements in the public sector and on how to develop an enterprise privacy framework that helps agencies appropriately manage and handle the sensitive personal information they keep on employees and customers to meet these requirements. The session will also highlight key differences and dependencies between security and privacy while developing a privacy framework.
Privacy laws, concepts, customs, and practices vary dramatically between countries, and the responsibility is increasingly on individual companies to know the difference and comply accordingly. Public and private efforts are underway to create global standards, seals, and technologies that will help organizations understand, define, communicate, instill, monitor, measure, and reaffirm privacy and security.
The session will cover the key touch points between confidentiality and privacy, and how the technical implementation of security plays an important role in data sharing.
If you have had to deal with any of the following questions, you'll find the session useful.
1. Does your organization have a privacy policy? If so, how do you ensure your organization's systems and processes are aligned with that policy?
2. Where do employee and customer data enter your organization? Who touches it? How is it shared with partnering agencies and your business partners? Where does medical and other sensitive data reside, either temporarily or permanently?
3. What could happen if an unauthorized party gets access to your customer (constituent) or employee data?
Presenter:
Mark Ford, CISSP
Principal, Deloitte & Touche LLP
Mark is a Principal in our Security and Privacy Services practice, leading our Global Identity Management practice and North Central region. Mark also helped found our Identity Management service line and currently leads the practice on a global basis. His experience in the information protection profession goes back over 20 years, starting as an officer in the U.S. Army Military Intelligence Corps and including 10 years of information security and controls consulting with public accounting firms. In those years, he has had extensive experience in assessing, designing and implementing enterprise Security, Privacy and Controls solutions for a multitude of commercial and government clients. These experiences include the assessment and integration of solutions ranging from technology solutions such as Web Single Sign-on or user account provisioning to broad-based risk management and control frameworks that help clients address major compliance requirements such as EU, HIPAA and Sarbanes-Oxley. Mark has served in a variety of industries including automotive, banking, insurance, healthcare, and retail. Mark is a Certified Information Systems Security Professional (CISSP).