A weekly newsletter and video series designed to help business leaders understand the role of personal information as a business asset, the regulations that govern its collection, storage and use and how businesses can better manage information to comply with those regulations and avoid the very real consequences that can come from breaching those regulations.
Throughout my career, I have spoken with many leaders who have said that, while they are very concerned about the risks that come from collecting, storing and using personal information, one of their key concerns is their lack of knowledge about how data is used and the process and procedures that should be in place. This knowledge gap prevents them from being able to make informed decisions about data management strategies.
This series is aimed at helping you develop the right knowledge and understanding to be able to better lead your organisations, and sharing a model for building a framework that you can use to improve your organisation’s management of personal information.
My name is Richard Harris. Throughout my career, now spanning over 25 years, I have helped clients make better use of personal information and have been required to ensure that information is managed effectively and by the laws that govern its use.
I am excited to share my knowledge and experience with you and hope you find this series to be of value.
Course Structure
Each week you will receive an email directly to your inbox containing
- A summary of the week’s topic
- A list of key terms and definitions
- Links to website for further reading
- A link to that week’s course video
Course Contents
Chapter 1 – Context
To get us started on this journey, we need to place the concepts we are going to discuss in context. The use of data has exploded to the point where it is clearly the most important asset for most organisations and those that fail to utilize data effectively struggle to compete with those that adopt best practices. In this chapter, we will discuss.
- Session 1: Industry 4.0 – how the use of data has defined a new industrial revolution
- Session 2: How data is collected, managed and used
- Session 3: Personal & Sensitive Information
- Session 4: Ethical Considerations: Explore ethical implications in data usage, emphasizing the responsibility of organizations in handling personal information ethically and transparently.
- Session 5: Data Privacy Challenges: Discuss challenges associated with data privacy in the modern digital landscape, including emerging technologies, data breaches, and public concerns.
Chapter 2: Exploring Privacy Regulations
There are many regulations that govern the collection, management and use of personal information. However, they share many similarities. In this chapter, we will explore the principles that you should be aware of when reviewing how you manage personal information in order to reduce the risk of breaching these regulations.
- Session 6: General Data Protection Regulation
- Session 7: California Consumer Privacy Act
- Session 8: Other regulations
- Session 9: International Data Transfer: Address regulations related to international data transfers, especially in regions with stringent data transfer laws (e.g., EU to non-EU countries).
Chapter 3: Privacy Management Framework
The aim of this course is to empower you to make the decisions required to ensure your organisation complies with the regulations governing the use of personal information. To help give you an objective to work towards, we will explore a model that you can adopt for building an effective privacy compliance framework.
- Session 10: The Data Privacy Framework model
- Session 11: The requirements framework approach
- Session 12: Personal Information data governance
- Session 13: Policies and Procedures for managing personal information
- Session 14: Demonstrating your compliance
Chapter 4: Consumer Rights
In this Chapter we will take a deep dive into the rights of the consumer when it comes to their personal information and the processes you must ensure are in place to meet support those rights.
- Session 15: Right to know, access and correct
- Session 16: Right to control
- Session 17: Right to opt-out or be forgotten
- Session 18: Anonymity, restrict sale or share, online tracking
Chapter 5: Managing Personal Information
Managing personal information requires everyone in the organisation to actively participate. In this chapter, we will discuss the processes, systems and practices you should have in place to ensure you collect, store and use personal information in accordance with the regulations.
- Session 19: Privacy Council
- Session 20: Privacy Impact Assessments (PIA): Introduce the concept of PIAs, emphasizing their role in identifying and mitigating privacy risks associated with new projects or processes.
- Session 21: Data Retention and Deletion: Discuss strategies for data retention periods and secure data deletion practices in compliance with regulations.
- Session 22: Data Catalogues, Data Classification and Data lineage
- Session 23:Pragmatic Security
- Session 24: Response planning
- Session 25: Data Policies and guidelines
Chapter 6: Policies, procedures and practices
Following on from the previous chapter, we will explore the ways in which you can instill a culture of data protection through the development of effective policies and training materials so that everyone in your organisation understands the requirements and how to meet them.
- Session 26: Data Flow mapping
- Session 27 – Data collection and Consent
- Session 28: Staff training & resources
- Session 29: Working with third parties
- Session 30: Privacy Policy
- Session 31: Compliance Auditing: Discuss the importance of regular compliance audits to evaluate and improve existing privacy measures.
Chapter 7: Your Next Actions
In this final chapter, we will set out an action plan for you to follow to begin the process of improving how you manage and protect personal information so as to minimize the risk of your organization breaching regulations.
- Session 32: Privacy Review
- Session 33: Developing a program of work
- Session 34: Monitoring and Continuous Improvement: Emphasize the importance of ongoing monitoring, review, and continuous improvement of data privacy practices as regulations evolve.
- Session 35: Public Relations and Transparency: Highlight the significance of transparent communication with stakeholders and the public regarding data privacy efforts and compliance status