Privacy Organization and Relationship (POR)

Best Practices

  • Identify all activities, functions and operations that can be attributed to the privacy initiatives of an organization
  • Identify the efforts and resources required for privacy considering factors such as compliance requirements, privacy specific process deployment and operations, project initiatives for privacy, scope of privacy programs, coordination efforts, and regional privacy initiatives
  • Evaluate the hierarchical structure of the organization, positioning of IT and security organization, relationship between different functions, reporting lines and information flow with respect to security and privacy
  • Evaluate the role of corporate function in legal compliance management, their relations with IT, and Security functions. Evaluate the role played by the legal function in compliance matters
  • Establish a privacy function to address the activities, functions and operations that are required to manage the privacy initiatives
  • Establish a privacy organization structure, positioning roles for privacy, and defining hierarchy and reporting lines. The privacy organization’s positioning in an organization can adopt some of the following trends:
  • Establish the roles for privacy at all levels of hierarchy in an organization. Assign the responsibilities and accountabilities for all the tasks of privacy activities, functions and operations.
  • Ensure that a significant level of efforts and skills are allocated to privacy initiatives.
  • Ensure that the privacy function has a working relationship with all the functions of an organization
  • Ensure a significant level of Information flow between Privacy function and other functions such as corporate risk management, Lines-of-Businesses (LOBs), IT, Security and Business Support Functions (HR, Admin, Finance etc.)
  • Ensure that there exists a mechanism that facilitates coordination and collaboration for privacy. These mechanisms come in the form of advisory body, steering committee, privacy communication forums and security programs
  • Ensure that the privacy function engages itself more in communicative, collaborative and integrative activities

DSCI Privacy Framework