Overview of Privacy Management Reference Model 2 Use

  • Slides: 8
Download presentation
Overview of Privacy Management Reference Model 2. Use Case • Actors • Data Flows

Overview of Privacy Management Reference Model 2. Use Case • Actors • Data Flows • Touch Points • Initial PI 3. PI - at Touch Points • Internal • Out 4. PI Operational Privacy Policies • Inherited • Internal • Exported 5. Privacy Management Services at each Touch Point – Policies • Define policy 1. Scope of Application requirements associated with each Service 6. Privacy Management Services at each Touch Point – Operational Functions • Define functions associated with each service 7. Risk Assessment and Iteration

Phase 1: Scope of Application DEFINE SCOPE OF APPLICATION IMPACTING PERSONAL INFORMATION • Define

Phase 1: Scope of Application DEFINE SCOPE OF APPLICATION IMPACTING PERSONAL INFORMATION • Define the particular business system, process(es), product(s), environment, service(s), system(s), data, and application(s) which will impact the collection, communication, processing, storage or destruction of PI or PII

Phase 2: Use Case Develop a Use Case that can be used to conduct

Phase 2: Use Case Develop a Use Case that can be used to conduct a privacy impact assessment or Accountability Review and the subsequent application of the PMRM Provide details of the business processes and data flows using a data lifecycle description model Provide the level of detail needed to include all actors, touch points , processing and other data management actions, and policy points • • Actors Data Flows Touch Points Initial PI

Phase 3: PI - at Touch Points Define PI collected, processed, communicated, stored and

Phase 3: PI - at Touch Points Define PI collected, processed, communicated, stored and destroyed • Flows in • Internal • Flows out

Phase 4: PI - Operational Privacy Policies Define policy requirements systemwide and, if necessary,

Phase 4: PI - Operational Privacy Policies Define policy requirements systemwide and, if necessary, associated with each touch point Define FIP/Ps expressed as operational requirements linked to each PI element or sets of PI elements at each Touch Point

5: Services at each Touch Point – Policy Select PMRM services necessary to support

5: Services at each Touch Point – Policy Select PMRM services necessary to support policy requirements • Core Policy, Assurance, Presentation and Lifecycle Define the operational policy requirements associated with each service

Phase 6: Services at each Touch Point – Operational Functions Define implementation mechanisms to

Phase 6: Services at each Touch Point – Operational Functions Define implementation mechanisms to support the policy requirements associated with each service Conduct detailed operational risk assessment Select controls needed to mitigate risks Determine if changes are needed and modify controls, mechanisms, operational requirements and policies as necessary

Phase 7: Risk Assessment Conduct detailed operational risk assessment Select controls needed to mitigate

Phase 7: Risk Assessment Conduct detailed operational risk assessment Select controls needed to mitigate risks Determine if changes are needed and modify controls, mechanisms, operational requirements and policies as necessary