Privacy Program

To many, a CPO plays an important role with regulations like GDPR in play, hear it from Brock Wanless, Groupon’s global privacy and regulatory managing counsel, on how the company enforces privacy without one.

Why is there always some information security or privacy pros who insist on proclaiming that user awareness and training is a waste of time and money?

While so much has changed in technology and addressing privacy, it is important to never forget the lessons of the past. The basic categories of privacy risks are still the same and the general concepts for mitigating those risks are also pretty much the same as they were decades ago.

Your job as a new CPO is to lay the foundation, merge any existing and new pieces into one privacy program and then lead the way on all things privacy. Where do you start? What are the priorities? How do you introduce privacy concepts to the company? You need a plan.

To help information security, privacy and compliance professionals architect and implement the best security and privacy practices for your organization, Rebecca Herold, lead developer and author of ISACA's Privacy Principles and Program Management Guide, provides an overview of the 14 principles and explain the…

In part I of an ongoing series of articles Teresa Troester-Falk examined how the evolution of the concept of Accountability as a privacy and data protection principle. In this article, part II she looks at accountability in practice, and how to achieve accountability through structured privacy management.