- Evaluate the state of privacy in an organization to identify the current baseline. Tools such as a gap assessment, a data visibility exercise, and a privacy impact assessment can be used to identify the baseline.
- Create an inventory of elements that can be attributed to privacy, or are important from the privacy perspective, and which require policy treatment. These elements could include the privacy principles that the organization needs to adhere to, the structure of the privacy organization, the strategy for privacy implementation, accountability of privacy initiatives, etc.
- Identify the policy items required to address specific or broad challenges an organization is facing with respect to privacy management.
- Deploy the policy across all business processes, enterprise functions, projects and operations of an organization. Extend the coverage of the policy to partners, vendors and other third-party service providers.
- Against each of the policy items, record the means that have been deployed for enforcement.
- Ensure that a significant level of detail goes into designing a process or deploying a technology solution for privacy implementation. All operational scenarios, detailed requirements, and the fit with the organization's infrastructure ecosystem and culture should be considered while designing solutions for privacy.
- Create a catalogue of processes that are deployed for privacy. Establish a mechanism that oversees the performance of these processes.
- Ensure that a mechanism exists that monitors compliance with the policy and assesses the effectiveness of the policy implementation.
- Ensure that management’s commitment towards the policy is frequently communicated to the employees, partners and service providers.
- Ensure that instances of non-compliance with the policy are identified and addressed in a timely manner.
DSCI Privacy Framework