Any organization that collects, uses, or discloses personal information faces privacy risks. What separates organizations that deal effectively with these risks from those that are adversely impacted by privacy breaches is a proactive approach to privacy protection that emphasizes planning.
The ninth and final webinar in our PrivacyRight series focuses on Risk Management and Compliance Monitoring, two crucial aspects of an effective privacy management program.
The Personal Information Protection Act (PIPA) requires organizations to make reasonable security arrangements to protect the personal information in their custody or under their control. In other words, if you collect and process individuals’ personal information, or if another organization does that on your behalf, you are legally responsible for protecting that data.
A risk management approach to protecting personal information means identifying and evaluating privacy risks and working to monitor, minimize, avoid, or otherwise mitigate them. Organizations can then meet their PIPA obligations in a way that is scalable and proportionate to the specific threats they may face.
Securing personal information: a self-assessment tool for organizations