How To Do Privacy Impact Assessments

Last week I was very fortunate to be able to speak at the IAPP Privacy Academy in Boston…


Besides giving a 1/2 day preconference seminar with a couple of brilliant lawyers…Peter Adler and Patrick Feehan…I also had the opportunity to give a session during the conference.
I also had the great pleasure of talking with several privacy practitioners about privacy impact assessments (PIAs). I am currently leading a PIA as part of work I’m doing for NIST to help them identify privacy concerns with the SmartGrid plans.
The 1st draft of the PIA will soon be published in their NISTIR. It is very interesting to me to participate in this process.
The first draft of the PIA report I provided to NIST, along with my co-writers Dr. Christophe Veltsos and Ward Pyles, was 22 pages long. However, after NIST edited it to fit within their full report on security and other issues, it was only 7 pages long, and what I consider to be the heart of the privacy issues section, listing 10 specific privacy concerns, was cut completely from the report. I am going to work to get these incorporated back into the report through the updates to the NIST report that will occur over the next few months.
I will point to the table that was cut from the NIST SmartGrid in my next post.
Do you perform PIAs in your organization? They provide tremendous value and help you to reveal significant privacy concerns with how you are doing your business.
I will be showing how to do PIAs in a 1-day class I’m giving next month, on October 25, in the Washington D.C. area right before the CSI conference, “Unified Information Security and Privacy Management.”
In this class I will provide some tools to help the attendees to do PIAs on their own whenever they get back to their organizations. I will also use the NIST SmartGrid PIA as a case study.
You can get a $100 discount off “Unified Information Security and Privacy Management”!
If you or your colleagues are interested in attending the class at a lower price, you can save $100 each by using the code RHCG09 in the registration form. If three or more of you attend from the same organization, you will each also receive an additional $100 off, for a total of $200 saved off the price for each attendee.
It would be great to meet you there!
Here is the class description:

Unified Information Security and Privacy Management
Successful programs require the two strategies to be complementary and integrated throughout all of the enterprise–within every business process stage and at every level within the organization. How can companies effectively work to ensure information security, privacy and compliance areas collaborate to make initiatives most successful?
This workshop will provide practical knowledge and tools that information security, privacy and compliance practitioners must have to address complex privacy and information security issues within the organization, as well as learn how other organizations are handling these privacy and information security challenges.
You Will Learn
• How privacy and security teams can effectively work together
• Key privacy and security trends
• How to use tools and metrics valuable to both areas
• Key information about how to perform privacy impact assessments, breach response, and vendor reviews
• About many resources and tools to successfully meet these complex and difficult challenges immediately
