""

 

How to Build a Privacy Program

How to Build a Privacy Program

Creating or further developing a privacy program is no simple thing. An effective and successful privacy program is built not just on knowledge of the relevant laws and how to comply with them, but also on proactive strategies, persuasion, political savvy, adaptability and a passion to get an exciting new organizational function up and running. This topic page offers tools, guidance and research to help you achieve your goal.

Featured Resources

2023 here we come: Prepare your privacy program

It may feel early to start planning for 2023. However, new U.S. state privacy laws, new laws in Brazil and China, and updates in India and the EU are headed our way, with more likely to follow. This article sets out steps to help companies get organized and head into 2022 with a meaningful strategy for 2023.
Read More

Privacy Program Management, 3rd Edition

This IAPP textbook provides the critical knowledge necessary for anyone responsible for managing privacy program governance and operations. Reorganized with expanded topics relevant to privacy program leaders, the third edition takes a global view of privacy managers’ obligations and practices.
Read More

Tips for Building Your Privacy Operations

In this web conference WireWheel CPO, Rick Buck, leads a discussion with a consultant from Grant Thornton and an experienced CPO to learn, a framework for privacy assurance, lessons from creating and building privacy programs and tips on where to get started.
Read More


Latest News and Resources

Web Conference: Data Retention: The Blind Spot in Your Privacy Program

Original broadcast date: 29 March 2022 In this web conference you will learn how understanding and maintaining up-to-date data retention strategies is one of the numerous obstacles privacy professionals deal with and is often the blind spot in the privacy program especially with the varying laws across jurisdictions. You will also learn how organizations can integrate enforcement of policies like data retention, data minimization, access requests, etc., across the organization’s IT ecosystem. Read More

Assessing risk: Determining the appropriate risk flags for your privacy risk assessments

The privacy technology market has been flooded with tools over the past few years — you need only look at the size of the IAPP Tech Vendor report to see it. And while these tools can massively accelerate and support privacy programs, they aren't a silver bullet. All privacy technology requires configuration to meet the specific needs of the business, and that involves expertise — in other words, a privacy professional making informed decisions about how best to implement and operate it within yo... Read More

Web Conference: Marketing and Consumer Experience Perspectives to Enhance Your Privacy Program

Original broadcast date: 3 February 2022 In this web conference, panelists discuss marketing and growth perspectives on privacy, how to collaborate and discuss privacy with marketing teams, and how to navigate complex advertising and marketing ecosystems. Viewers will get up to speed on techniques that build value while honoring values, and turn their privacy program into a growth engine that builds brand value, optimizes data utilization, and enhances the consumer experience. Read More

Web Conference: The Road to Continuous Compliance: How Future-Proof is Your Privacy Program?

Original broadcast date: 27 January 2022 In this web conference you will hear from those "living" global corporate privacy every day and learn how they took on the challenge of creating a global privacy framework across 400 legal entities, over 170 countries and 45 million urls, used the opportunity to develop new services and governance frameworks that would accelerate and facilitate future industry and regulatory compliance efforts at scale and accelerated cross-corporation adoption of ever-changing, complex privacy regulations using a fraction of the time and effort that was required for the GDPR. Read More

Ransomware: 5 critical tips for organizations
(IAPP, February 2022)
LinkedIn Live: ‘How To Build An Effective Privacy Engineering Team’
(IAPP, February 2022)
Web Conference: The Privacy Evolution: Enabling Trusted Data Use
(IAPP, January 2022)
Web Conference: Embracing Today’s Privacy Landscape and Leaning Into Privacy Management
(IAPP, December 2021)
Measuring global diversity and inclusion: The art of the possible
(IAPP, November 2021)
Web Conference: Establishing Repeatable and Scalable Privacy Programs
(IAPP, September 2021)
Data privacy requests metrics: Lessons for your privacy program
(IAPP, September 2021)
PDPC – Guide to Developing a Data Protection Management Program
(PDPC, September 2021)
The Risk of ‘Dumpster Data’ Exposure and How to Prevent It
(Blancco, September 2021)
Web Conference: From Programs to Programmatic: New Mindsets & Methods for Privacy Challenges
(IAPP, August 2021)
Web Conference: A Practitioner Approach to Implementing Data Protection & Privacy by Design
(IAPP, August 2021)
Five Things You Can Learn from a Data Audit
(Aparavi, August 2021)
Hiscox Cyber Readiness Report
(Hiscox, July 2021)
What are the driving forces of a company’s privacy strategy in a constantly changing landscape?
(IAPP, July 2021)
Web Conference: Building a Resilient Privacy Program and Operation
(IAPP, June 2021)
Web Conference: Building a Next Generation Practice Leadership
(IAPP, May 2021)
Web Conference: Why Privacy Departments Hold the Key to Incident Response
(IAPP, July 2021)
Privacy By Design: From Principles to Requirements
(Mark Settle, May 2021)
ICO: Top tips for dealing with information access requests
(ICO, February 2021)
ICO — Toolkit for organizations considering using data analytics
(ICO, February 2021)
Effective management of cannabis consumer data risk
(IAPP, January 2021)
Web Conference: Privacy Metrics: Measuring Privacy Programs
(IAPP, May 2021)
Web Conference: The 7 Sins of Managing Data Privacy
(IAPP, March 2021)
Web Conference: D&I and Your Privacy Program: A Discussion on Intersectionality
(IAPP, March 2021)
Web Conference: A 360-Degree View of Enterprise-wide Privacy Risk
(IAPP, March 2021)
Privacy with Microsoft Video Series – Episode 2: Implementation of Corporate Privacy Policy
(Microsoft, February 2021)
Privacy with Microsoft Video Series – Episode 1: Enterprise Privacy Management
(Microsoft, February 2021)
Web Conference: Make 2021 the Year of Privacy: Building a Yearlong Privacy Awareness Program
(IAPP, January 2021)
Privacy fatigue and how to combat it
(IAPP, January 2021)
Web Conference: Developing and Embedding a Privacy Program Across a National Organization
(IAPP, November 2020)
Web Conference: Developing and Embedding a Privacy Program Across a National Organization
(IAPP, November 2020)
Web Conference: From Startup to Public: Building a Mature Privacy Program on a Shoestring
(IAPP, October 2020)
Privacy Leaders’ Views – The Impact of COVID-19 on Privacy Priorities, Practices and Programs
(IAPP, October 2020)
Benefits, Attributes and Habits of Mature Privacy and Data Protection Programs
(IAPP, October 2020)
Web Conference: Rising Above the Fray: Building a Privacy Office with Impact
(IAPP, October 2020)
White Paper – The Skill Set Technologists Need to Implement a Privacy Risk Management Framework
(IAPP, October 2020)
Measuring Privacy Operations
(IAPP, November 2019)
From Microsoft’s CPO to Airbnb’s, his goals are the same
(IAPP, October 2020)
Managing Data-Related Enterprise Risks
(Directors & Boards, September 2020)
Security and Privacy Controls for Information Systems and Organizations
(NIST, September 2020)
Evolve your Data Mapping
(Securiti, July 2020)
Web Conference: Building a Privacy Culture in Our Conflicted Age
(IAPP, June 2020)
Web Conference: Practical Primer on Privacy Preparedness
(IAPP, June 2020)
How to operationalize privacy by design
(IAPP, May 2020)
Embedding data ethics into your ‘culture of privacy’
(IAPP, May 2020)
Web Conference: Strategic Vendor Risk Management for Privacy Pros
(IAPP, May 2020)
How to leverage your existing privacy program to manage brand reputation risks
(IAPP, April 2020)
Checklist: Expedited Vendor Privacy and Security Assessment
(IAPP, April 2020)
How to build a culture of privacy
(IAPP, March 2020)
Building a culture of privacy: Legal compliance as a result, not a goal
(IAPP, March 2020)
How to build a ‘culture of privacy’
(IAPP, February 2020)
IAPP-EY Annual Governance Report 2019
(IAPP, September 2019)
Building a long-lasting privacy program in an ever-changing regulatory landscape
(IAPP, September 2019)
Tool helps map out relevant privacy laws for organizations
(IAPP, July 2019)
Privacy Management Program Self-Assessment
(Office of the Information and Privacy Commissioner for British Columbia, July 2019)
How do organizations demonstrate a positive privacy impact?
(IAPP, February 2019)
The Privacy Advisor Podcast: Santa Clara County’s CPO on building a privacy program from the ground up
(IAPP, January 2019)
How to drive effective privacy operations with functional requirements
(IAPP, August 2018)
Personal Data and the Organization: Stewardship and Strategy
(Future of Privacy Forum, July 2019)
A Guide to Privacy by Design
(AEPD, February 2020)
Web Conference: The Information Protection Blueprint: Ideas for Modern IT Security and Compliance
(IAPP, September 2020)
Web Conference: Privacy Compliance Meets IT
(IAPP, September 2020)
Web Conference: The LGPD, GDPR, CCPA and More – How to Abide by Multiple Privacy Laws
(IAPP, September 2020)
3 benefits for businesses to adopt PDS
(IAPP, September 2020)
Beyond a compliance mindset: How we communicate about privacy impacts our influence
(IAPP, September 2020)
Web Conference: The Relationship Between Organizations’ Privacy Practices and Data Breach Risk
(IAPP, September 2020)
Zoox Smart Data — Privacy Program Implementation Guide
(Zoox, August 2020)
Building a culture of privacy: Privacy as a strategic initiative
(IAPP, August 2020)
Study finds 93% of US citizens would switch to privacy-conscious organizations
(IAPP, August 2020)
Web Conference: Privacy Program Remediation to Incorporate Legacy Systems
(IAPP, August 2020)
Web Conference: Building a Privacy Culture: A Conversation with Privacy Program Managers
(IAPP, August 2020)
Web Conference: Global Privacy Survey: How Does Your Privacy Program Compare to Others in 2020?
(IAPP, June 2020)
How to make responsibly sourced data the rule, not the exception
(IAPP, June 2020)
Building a culture of privacy: Be customer-centric
(IAPP, June 2020)
Survey of Fortune 500 Companies’ Privacy Representations
(Bryan Cave Leighton Paisner, January 2020)
Measuring Privacy Operations
(IAPP, December 2018)
White Paper – Applying the Positive-Sum Principle for Successful Privacy by Design Outcomes
(IAPP, July 2018)
White Paper – They Did What? Top Privacy Mistakes To Watch Out For (and How To Avoid Them)
(IAPP, June 2018)
White Paper – Must-Have Privacy Training Features for Your Team
(IAPP, June 2018)
White Paper – Check or Mate? Strategic Privacy by Design
(IAPP, October 2017)
Series: Benchmarking your privacy incident management program
(IAPP, July 2017)
Deep Dive into the technology of corporate surveillance
(Electronic Frontier Foundation, February 2020)
Under Armour takes ‘honorable mention’ for building innovative privacy program
(IAPP, October 2018)
A lean approach to compliance: Minimum viable privacy program
(IAPP, May 2017)
For a successful privacy program, use these three A’s
(IAPP, July 2016)
Web Conference: Building a Privacy Program from Ground Zero
(IAPP, October 2016)
Building a program that provides value (four-part series)
(IAPP, July 2016)
Kick-Starting a Privacy Program
(IAPP, February 2013)
Ten Steps to a Quality Privacy Program
(IAPP, December 2012)
Building a program? Better get your internal audit game right
(IAPP, August 2016)
What’s a nonprofit to do? How to create the (best) privacy program, on the cheap
(IAPP, April 2016)
Are You a Completely Green CPO? Here’s Somewhere To Start
(IAPP, September 2015)
Starting up privacy at a start-up
(IAPP, July 2016)
Designing and Implementing an Effective Privacy and Security Plan
(IAPP, March 2014)
Chief Privacy Officer: Sample Job Description
(IAPP, August 2014)
Good Cybersecurity Means Good Info Governance
(IAPP, March 2014)
How To Measure Your Privacy Program, Step-by-Step
(IAPP, May 2014)
Exploring model privacy programs at organizations both large and small
(IAPP, December 2012)
Getting your board on board
(IAPP, September 2012)
Getting Your Board on Board, Part II
(IAPP, September 2012)
Getting Your Board on Board, Part III
(IAPP, September 2012)
View More Resources

Definitions

Privacy Program Framework

An implementation roadmap that provides the structure or checklists (documented privacy procedures and processes) to guide the privacy professional through privacy management and prompts them for the details to determine all privacy-relevant decisions for the organization.... Read More

Privacy Champion

An executive who serves as the privacy program sponsor and acts as an advocate to further foster privacy as a core organization concept.... Read More

Privacy Operational Life Cycle

Focused on refining and improving privacy processes, this model continuously monitors and improves the privacy program, with the added benefits of a life cycle approach to measure (assess), improve (protect), evaluate (sustain) and support (respond), and then start again. Associated term(s): Assess; Protect; Sustain; Respond... Read More

COVID-19 Privacy Program Resources

How to employ privacy by design in the fight against COVID-19

As COVID-19 is rapidly spreading around the world, public health authorities are eagerly searching for effective measures to flatten the curve and decrease the rate of contamination. Among others, many governments are using or considering using surveillance technology to track the movements of people infected by COVID-19 and notify those who may have been exposed to the virus. Naturally, the use of such measures on a wide scale raises serious privacy concerns. In Israel, for example, there is a ... Read More

Canada: Mitigating Privacy Risks For Teleworkers
(Pallett Valo LLP, March 2020)
View More Resources