Today's Speakers
Hilary Wandall
General Counsel & Chief Data Governance Officer
TRUSTe
Scott Taylor
AVP Compliance & Chief Privacy Officer
Merck & Co., Inc.
Barbara Lawler
Chief Privacy Officer
Intuit
TRUSTe Inc., 2016
Today's Agenda
Core Responsibilities
Making it Operational
Addressing the EU GDPR's DPO Requirements
Q&A
How the role has developed over more than a half century
1970s: First Privacy Officer positions were created in Germany
1991: First CPO appointed in the U.S.
2002: International Association of Privacy Professionals (IAPP) created
2003: HIPAA Privacy Officer positions required in the U.S.
2007: EU WD 153 - Elements and Principles for BCRs - Governance
2011: Designated individual required by APEC Cross-Border Privacy Rules
2004-2014: Data Protection Officer (DPO) roles required outside U.S. and EU, such as Canada, Colombia, Ghana, India, Israel, Korea, Mexico, Montenegro, Philippines, Russia, Singapore, South Africa, Ukraine
2016: U.S. Federal Agencies required to appoint a Senior Agency Official for Privacy (SAOP)
2018: GDPR requires appointment of mandatory DPOs with specific statutory criteria for expertise, professional qualities, responsibilities, resourcing, independence and reporting
Privacy Insight Series - truste.com/insightseries
Core Responsibilities
Privacy notices
Consents
Opt-outs
Contracts
Security program
Breach management and notification
Complaint and individual rights requests handling
Accountability & Stewardship
Regulatory Compliance +
Management ownership
Privacy leader or team
Comprehensive policies
Awareness and training
Risk assessment
Privacy by design
Ongoing assurance
Continuous improvement
Strategic Data Governance
Accountability +
Holistic approach
Interoperable across jurisdictions
Data as an asset
Integrated with other data-driven obligations, e.g.:
data security
IP & trade secrets
e-discovery
records management
DEMONSTRATION
EFFECTIVE APPROACH
OVERSIGHT
Privacy Framework
Commitment
Solid policies aligned to external criteria
Management commitment
Full transparency
Integrated Governance
Implementation
Mechanisms to ensure policies and commitments are put into effect with employees
Validation
Monitoring and assurance programs that validate both coverage and effectiveness of implementation
Privacy in products and services
Products
Ecosystems
Making it Operational
DPO
Competencies
Role and Responsibilities
Questions?
Contacts
Hilary Wandall: hilary@truste.com
Scott Taylor: scott.taylor3@merck.com
Barb Lawler: barbara_lawler@intuit.com
Thank You!
Details of our 2016 Summer/Fall Webinar Series are now available. Register now for our next webinar on October 21: Building a Privacy Governance Program