It has been great talking in-depth about privacy issues over the past two days here at the IAPP Privacy Academy.
We had a great turnout for the pre-conference seminar; the room was filled to the 60-person capacity. It was good to hear the concerns and common practices of the diverse organizations for how they are providing privacy training and awareness.
One of the areas mentioned several times during my discussions with attendees was incident response. It is very important for the privacy office to understand that they must work with the information security and IT areas to create their own privacy incident and breach response plans. The two cannot be efficiently or effectively managed separately; trying to do so will result in significant gaps and/or significant conflicting actions.
The privacy office and the information security office must work together on many overlapping responsibilities and actions, a few of which include:
* Defining an incident. There are many types. Information security must know which ones have privacy impacts, and privacy must know which ones have information security impacts. Both areas involved must receive training and ongoing awareness to stay current about these.
* Defining and documenting PII. Information security and privacy must have a clear definition of the personally identifiable information (PII) within the organization, and must know where it is located and who touches it. You can’t know if a privacy breach has occurred if you don’t know where your PII is. Training and ongoing awareness about these issues must occur to make breach and incident response effective and efficient.
* Roles and responsibilities. Information security and privacy must each have well-defined roles and responsibilities within the information security and privacy incident and breach response plan. Those filling the roles must receive training for how to effectively fulfill their roles.
And there are so many other related issues.
I cover these and all the other activities that must be thought about and documented within a plan for how to respond to a privacy breach within a webinar I am giving a week from today on Tuesday, October 30, “The Anatomy of a Privacy Breach.”
If you are responsible for information security and/or privacy, or will be participating in incident response or breach notification, join me to ensure your plan covers all the activities and issues that are important for response that will result in the minimum impact to your organization.
If you need to get training for how to create your information security and privacy incident response plan, then this is a way to get it without leaving your office.