Privacy in Practice Establish and Operationalize a Holistic Data Privacy Program

Privacy is not just the right to be left alone, but also the right to autonomy, control, and access to your personal data. The employment of new technologies over the last three decades drives personal data to play an increasingly important role in our economies, societies, and everyday lives. Personal information has become an increasingly valuable commodity in the digital age. At the same time, the abundance and persistence of personal data have elevated the risks to individuals’ privacy. In the age of Big Data, the Internet of Things, Biometrics, and Artificial Intelligence, it is becoming increasingly difficult for individuals to fully comprehend, let alone control, how and for what purposes organizations collect, use, and disclose their personal information. Consumers are growing increasingly concerned about their privacy, making the need for strong privacy champions ever more acute. With a veritable explosion of data breaches highlighted almost daily across the globe, and the introduction of heavy-handed privacy laws and regulatory frameworks, privacy has taken center stage for businesses. Businesses today are faced with increasing demands for privacy protections, ever-more complex regulations, and ongoing cybersecurity challenges that place heavy demands on scarce resources. Senior management and executives now acknowledge privacy as some of the biggest risks to the business. Privacy, traditionally, has existed in a separate realm, resulting in an unintentional and problematic barrier drawn between the privacy team and the rest of the organization. With many regulatory frameworks to consider, building an all-encompassing data privacy program becomes increasingly challenging. Effective privacy protection is essential to maintaining consumer trust and enabling a robust and innovative digital economy in which individuals feel they may participate with confidence. This book aims at helping organizations in establishing a unified, integrated, enterprise-wide privacy program. This book is aiming to help privacy leaders and professionals to bridge the privacy program and business strategies, transform legal terms and dead text to live and easy-to-understand essential requirements which organizations can easily implement, identify and prioritize privacy program gap initiatives and promote awareness and embed privacy into the everyday work of the agency and its staff.

Part 1: Privacy Basics and Landscape 1. Privacy Concept and a Brief History 2. Legal Systems, World Models, and Landscape 3. GDPR, CCPA/CPRA, PIPL and PIPEDA 4. Privacy Best Practices, Standards, and Certifications Part 2: Business Impact and a Holistic Framework 5. Data Protection Drivers and Challenges 6. Unified Data Protection Framework 7. Privacy Program Assessment and Roadmap 8. Privacy Program Management Metrics and Tools Part 3: Privacy Governance 9. Data Protection Legal Mandate and Business Requirements 10. Governance Structure and Responsibilities 11. Privacy Policies and Procedures 12. Privacy Awareness, Training, and Engagement Part 4: Privacy Operations 13. Privacy Impact Assessment (PIA) 14. Record of Processing Activities 15. Privacy Notice 16. Lawful Basis 17. Data Collection 18. Data Usage and Maintenance 19. Personal Data Sharing 20. Data Residency and Cross-Border Transfers 21. Data Retention and De-Identification 22. Security of Personal Data Processing Part 5: High-Risk Business Scenarios 23. PbD in Marketing Practices 24. Workforce Data Protection 25. Protection of Children’s Data 26. PbD for AI Solutions Part 6: Data Breach Handling and DPA Cooperation 27. Data Subject Rights, Inquiries, and Complaints 28. Data Breach Handling 29. DPA Cooperation

Mr. Alan Tang has extensive experience devoted to privacy and security practices. Dr. Tang specializes in establishing and operationalizing risk-based and actionable privacy frameworks and programs in alignment with global privacy laws, regulations, and standards such as GDPR, CCPA/CPRA, PIPEDA, PIPL, LGPD, GAPP, ISO 27701, and NIST PF, etc. He believes in simplifying, automating, and scaling privacy controls to enable business growth. Dr. Tang has firsthand experience in implementing an enterprise-wide, unified privacy framework and program for a Fortune 50 international company. The privacy framework has been implemented in 50+ countries through three phases. He has a strong history of working with business leaders in a wide range of privacy-related domains such as privacy strategy and roadmap, PIA and DPIA, privacy policies and procedures, privacy-by-design in SDLC, data subject rights assurance, data retention, data disclosure and sharing, data cross-border transfer, data security protection, privacy awareness training, data breach handling, etc. Dr. Tang holds a Ph.D. degree in Information Security and an MBA degree. Alan also holds numerous privacy and security designations including FIP, CIPP/E, CIPP/US/C, CIPM, CIPT, CISSP, CISA, PMP, and previously ISO27001LA and PCI DSS QSA.