Training Duration: 1 day

Training Delivery Method: On-site, instructor-led course; or online, instructor-led course

Prerequisites: Some background in risk management

What Problem Does This Training Help Solve? Helps you manage privacy risks originating from organizational policies and regulatory requirements

Who Should Attend? Chief Privacy Officers, IT auditors, security professionals, and management

Course Material: Content-rich manual/course handouts consisting of about 180 foils

Course Syllabus:

Privacy requirements that are related to individuals and data associated with those individuals arise from regulatory requirements such as GLBA, HIPPA, PIPEDA (Canada), etc. This seminar will cover privacy risks from a management perspective as well as from an audit perspective. It will include implementation of privacy-related controls, privacy frameworks, privacy risk management, regulatory compliance, privacy policies, the role of the CPO, privacy auditing, and other related topics.

Topics to be covered:

• What Privacy is
• Principles of privacy
• Regulatory reasons- EU parliament directive 43 and 46
• USA vs. EU privacy- EuroSOX
• Privacy policies
• Privacy Frameworks
• Privacy Impacts
• Privacy risk model
• Privacy control objectives and controls
• Internal Auditor’s Role in Privacy
• Auditing Privacy controls
• Privacy considerations for data storage and data transmission
• Encryption and access control
• Confidentiality aspect of CIA
• Responsibility and accountability
• Privacy awareness and training of employees
• Third-party exposure
• Trans-border transmission of privacy-related information