www.informationpolicycentre.com 1. the role of privacy risk framework and risk-based approach in...
The role of Privacy Risk Framework and Risk-Based Approach in Delivering Effective Privacy Compliance
Bojana Bellamy
International Privacy Commissioners’ Conference, Mauritius
October 2014
Why is Privacy Risk “In”?
It has always been “in”, but with a different focus – Risk to organisations v. Risk to individuals (tangible and non-tangible harms / negative impact from data processing)
Modern information age requires an evolved interpretation and implementation of privacy principles and innovative models of co-regulation and compliance
The need to translate abstract goals of privacy and fundamental rights into more understandable, concrete and implementable steps to non-experts
Risk-based approach does not replace existing law, privacy principles, accountability and regulatory supervision, but calibrates compliance – based on context, severity, likelihood
Risk assessment is an increasing legal requirement and an element of organisational accountability
Benefits of a Risk-based Approach to Privacy
Effectiveness
Organisations: Prioritisation; predictability; ROI in compliance; protection of reputation and shareholder value
DP regulators: Prioritisation in oversight, enforcement, sanction
Law and policy makers: Smart regulation = calibrated and context driven; outcome based; technology neutral
Individuals: Real protection
Society: Enables economic growth, societal benefits and protection of fundamental rights
Prospects to improve global interoperability by creating common expectations, common best practices and common outcomes
Organisational Accountability and Privacy Management Program
Accountability and Effective Compliance
Leadership & Oversight
Risk Assessment
Policies & Procedures
Privacy by Design
Training & Communication
Verification and Audits
Response and Enforcement
Risk Assessment Calibrates Privacy Program and Compliance
Risk Assessment
At program level
Determines the program and the elements
Periodic program assessment v. internal and external risks
Adjusting elements of the program
At element and requirement level
New product, service, technology (PIA, PbD)
Legitimate Interest Processing
Security
Data Breach