Castlebridge Associates
Castlebridge Associates | Invent Centre | DCU | Glasnevin | Dublin 9| Ireland
Changing How People in Organisations Think about Information
DATA PRIVACY & THE DMBOK
NO NEED TO REINVENT THE WHEEL!
Castlebridge Associates
© 2015 | Castlebridge Associates | Confidential
WHAT WE ARE GOING TO COVER
Why Data Privacy is Important
Data Privacy in the DMBOK
Some Other Concepts
Ethical Information Management
WHY DATA PRIVACY IS IMPORTANT
SOME KEY TRENDS TO BE AWARE OF…
People have entrusted us with their most personal information. We owe them nothing less than the best protections that we can possibly provide by harnessing the technology at our disposal. We must get this right. History has shown us that sacrificing our right to privacy can have dire consequences.
Tim Cook, CEO Apple
THE GLOBAL LEGISLATIVE TREND
Chart: Total Global Data Privacy Laws, by decade: 1970s: 7; 1980s: 17; 1990s: 36; 2000s: 68; 2010-2015: 111
Within this, there is also continued evolution of existing Data Privacy laws
(e.g. EU Data Protection Regulation)
ONE KEY TREND…
Global momentum toward the EU’s model of data privacy regulation has led to new laws and better protection for the consumer. Many non-EU countries have passed laws over the past 12 months that bring the world’s collective standards around data privacy closer to the high-water mark laid out by the EU’s overarching Privacy Directive.
For instance, countries such as Malaysia and South Africa have recently passed new data privacy frameworks that closely follow the EU’s lead. South Africa has even gone one step farther and implemented provisions that will likely be implemented by the future EU Privacy Directive updates.
- Forrester, August 2014
A FRAMEWORK FOR THINKING ABOUT INFORMATION
Columns: Business | Information | Technology
Strategic: Business Strategy & Governance | Information Strategy & Governance | IT Strategy & Governance
Tactical: Business Architecture & Planning | Information Architecture & Planning | Technology Architecture & Planning
Operations: Management & Execution of Business Processes | Management & Application of Information | Management & Exploitation of IT Services
Customer: Process Outcome, Information Outcome, Expectation
Privacy is Here
Based on Amsterdam 9-box model by Prof. Rik Maes et al
A SUMMARY MAPPING OF CORE PRINCIPLES
EU Principle | OECD Principle(s) | AICPA FIPP
Obtain Data Fairly | Openness | Notice; Choice and Consent
Process for a Specified and Lawful Purpose | Purpose Specification | Collection
Do not Process for an incompatible purpose | Use Limitation | Use, Retention, Disposal
Ensure Data is Accurate, Complete, and Up-to-date | Data Quality | Quality
Personal Data should be kept Safe and Secure | Security Safeguards | Security for Privacy; Disclosure
Data must be adequate, relevant, not excessive | Data Quality | Quality
Personal data must not be kept for longer than necessary for the specified purposes | - | Use, Retention, Disposal
Individuals have rights of access, rectification, erasure, blocking | Individual participation | Access
- | - | Management; Monitoring & Enforcement
Penalties & Civil liability & Enforcement | Accountability | Monitoring & Enforcement
KEY PROVISIONS OF THE DATA PROTECTION REGULATION
General Data Protection Regulation – 1 Slide Summary
• One Stop Shop
• Core 8 Principles + Accountability Principle + Transparency Principle + Article 7, 8 ECHR
• Increased Penalties
• Moves towards a “Risk Based” model
• Explicit Focus on Governance
• Principles Driven
• Enhanced Rights: Data Portability; RTBF
• Risk & Penalty Mitigation
• Documentation
• Fines as % of Global Turnover
WHY DOES IT MATTER?
DATA PRIVACY IN THE DMBOK
DATA PRIVACY IN THE DMBOK WHEEL
© DAMA International, used with permission
DATA PRIVACY IN THE DMBOK WHEEL
Remember to Respect Copyright
DATA PRIVACY IN THE DMBOK WHEEL
© DAMA International, used with permission
DATA PROTECTION THROUGH THE DG/IQ LENS
Current EU Data Protection Directive 95/46/EC
DATA PROTECTION: PRINCIPLES
Principle Governance Quality
Personal data which is being processed must be fairly obtained and processed X
Personal Data shall be obtained for a Specified and Lawful Purpose X
Personal Data shall not be processed in a manner incompatible with the specified purpose X
Personal Data shall be kept accurate and complete and, where necessary, kept up to date X
Personal Data should be kept Safe & Secure X
Data processed must be adequate, relevant and not excessive X X
Personal data should not be kept for longer than necessary for the specified purpose or purposes X X
Data Subjects have a right of Access. X
DATA PROTECTION: QUALITY PRINCIPLES
WHAT IS DATA QUALITY IN DMBOK?
Definition:
Planning, implementation, and control activities that
apply quality management techniques to measure,
assess, improve, and ensure the fitness of data for use.
Goals:
• To measurably improve the quality of data in relation to
defined business expectations.
• To define requirements and specifications for integrating data
quality control into the system development lifecycle.
• To provide defined processes for measuring, monitoring, and
reporting conformance to acceptable levels of data quality.
Activities:
1. Develop and Promote Data Quality Awareness
2. Define Data Quality Requirements
3. Profile, Analyze, and Assess Data Quality
4. Define Data Quality Metrics
5. Define Data Quality Business Rules
6. Test and Validate Data Quality Requirements
7. Set and Evaluate Data Quality Service Levels
8. Continuously Measure and Monitor Data Quality
9. Manage Data Quality Issues
10. Clean and Correct Data Quality Defects
11. Design and Implement Operational DQM Procedures
12. Monitor Operational DQM Procedures and Performance
Inputs:
• Business Requirements
• Data Requirements
• Data Quality Expectations
• Data Policies and Standards
• Business Metadata
• Technical Metadata
• Data Sources and Data Stores
Primary Deliverables:
• Improved Quality Data
• Data Management
• Operational Analysis
• Data Profiles
• Data Quality Certification Reports
• Data Quality Service Level Agreements
Metrics:
• Data Value Statistics
• Errors / Requirement Violations
• Conformance to Expectations
• Conformance to Service Levels
Tools:
• Data Profiling Tools
• Statistical Analysis Tools
• Data Cleansing Tools
• Data Integration Tools
• Issue and Event Management Tools
EXAMPLE: MARKETING CONSENTS EXPIRE AFTER 12 MONTHS
Chart: ePrivacy Directive Consent Tracker. X axis: Marketing, months since last contact (12 months or over; 10-12 months; 6-9 months; 3-6 months; 0-3 months). Y axis: 0% to 45%.
30% x Avg uplift of €10 per campaign, 10% success rate, 1.2 million customers
DATA PRIVACY IN THE DMBOK WHEEL
© DAMA International, used with permission
DATA PROTECTION: DATA DEVELOPMENT
WHAT IS DATA DEVELOPMENT IN DMBOK?
Definition:
Designing, implementing, and maintaining solutions to
meet the data needs of the enterprise.
Goals:
• Identify and define data requirements.
• Design data structures and other solutions to these requirements.
• Implement and maintain solution components that meet these
requirements.
• Ensure solution conformance to data architecture and standards as
appropriate.
• Ensure the integrity, security, usability, and maintainability of structured data
assets.
Activities:
1. Data Modelling, Analysis and Solution Design
• Analyze Information Requirements
• Develop and Maintain Conceptual Data Models
• Develop and Maintain Logical Data Models
• Develop and Maintain Physical Data Models
2. Detailed Data Design
• Design Physical Databases
• Design Information Products
• Design Data Access Services
• Design Data Integration Services
3. Data Model and Design Quality Management
• Develop Data Modeling and Design Standards
• Review Data Model and Database Design Quality
• Manage Data Model Versioning and Integration
4. Data Implementation
• Build and test Data Access Services
• Validate Information Requirements
Inputs:
• Business Goals and Strategies
• Data Needs and Strategies
• Data Standards
• Data Architecture
• Process Architecture
• Application Architecture
• Technical Architecture
Primary Deliverables:
• Data Requirements and
Business Rules
• Conceptual Data Models
• Logical Data Models and
Specifications
• Physical Data Models and
Specifications
• Meta-data (Business and
Technical)
• Data Access Services
HOW DATA DEVELOPMENT AFFECTS PRIVACY
Obtain
Storage
Store/Share Apply
HOW DATA DEVELOPMENT AFFECTS PRIVACY -
EXAMPLE
• EU e-marketing rules require explicit Opt-in consent for calls
to mobiles and for SMS marketing
• Fixed line is Opt-out
• Data Modelling decision required here…
HOW DATA DEVELOPMENT AFFECTS PRIVACY - EXAMPLE
Purposes: Marketing | Service Delivery | Other
Call: Opt-in | Record opt-in for service delivery calls | Is this a nominated contact for that purpose?
SMS: Opt-in | Record opt-in for service delivery calls | Is this a nominated contact for that purpose?
Call: Opt Out | Record opt-in for service delivery calls | Is this a nominated contact for that purpose?
Email: Opt-in | Record opt-in for service delivery calls | Is this a nominated contact for that purpose?
Postal: Opt-Out | Record opt-in for service delivery calls | Is this a nominated contact for that purpose?
HOW DATA DEVELOPMENT AFFECTS PRIVACY – A KISS OF DEATH TO USEABLE DATA…
Please tick this box if you would like us to not contact you
Blanket Opt-Outs applied at the PARTY Entity level, not at the contact point or in
the context of a specific purpose….
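The contact-point and purpose-level consent model from the slides above, combined with the 12-month marketing consent expiry from the earlier consent-tracker slide, as an added sketch that is not part of the original deck. Table names, column names, channel codes and the sample customer are assumptions made for illustration; applying the 12-month expiry to opt-in records only is also an assumption.

```python
import sqlite3

# Illustrative schema: every table and column name here is an assumption.
SCHEMA = """
CREATE TABLE party (
    party_id       INTEGER PRIMARY KEY,
    name           TEXT NOT NULL,
    do_not_contact INTEGER NOT NULL DEFAULT 0  -- blanket PARTY-level flag, kept for contrast
);
CREATE TABLE contact_point (
    contact_point_id INTEGER PRIMARY KEY,
    party_id INTEGER NOT NULL REFERENCES party(party_id),
    kind     TEXT NOT NULL CHECK (kind IN ('MOBILE','FIXED','EMAIL','POSTAL')),
    value    TEXT NOT NULL
);
CREATE TABLE channel_rule (   -- consent basis that applies per channel and purpose
    channel TEXT NOT NULL,
    purpose TEXT NOT NULL,
    basis   TEXT NOT NULL CHECK (basis IN ('OPT_IN','OPT_OUT')),
    PRIMARY KEY (channel, purpose)
);
CREATE TABLE preference (     -- one choice per contact point, channel and purpose
    contact_point_id INTEGER NOT NULL REFERENCES contact_point(contact_point_id),
    channel     TEXT NOT NULL,
    purpose     TEXT NOT NULL,
    choice      TEXT NOT NULL CHECK (choice IN ('IN','OUT')),
    recorded_on TEXT NOT NULL,  -- ISO date the choice was captured or last confirmed
    PRIMARY KEY (contact_point_id, channel, purpose)
);
"""

# Marketing bases as listed on the slides: mobile calls, SMS and email are
# opt-in; fixed-line calls and postal are opt-out.
MARKETING_RULES = [
    ("MOBILE_CALL", "MARKETING", "OPT_IN"),
    ("SMS",         "MARKETING", "OPT_IN"),
    ("FIXED_CALL",  "MARKETING", "OPT_OUT"),
    ("EMAIL",       "MARKETING", "OPT_IN"),
    ("POSTAL",      "MARKETING", "OPT_OUT"),
]


def build_sample():
    """In-memory database holding one constructed customer."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO channel_rule VALUES (?,?,?)", MARKETING_RULES)
    # The customer ticked a blanket "do not contact" box (flag = 1).
    conn.execute("INSERT INTO party VALUES (1, 'Constructed Customer', 1)")
    conn.executemany("INSERT INTO contact_point VALUES (?,?,?,?)", [
        (10, 1, "MOBILE", "+353-00-0000000"),
        (11, 1, "POSTAL", "1 Example Street"),
        (12, 1, "EMAIL",  "customer@example.invalid"),
    ])
    conn.executemany("INSERT INTO preference VALUES (?,?,?,?,?)", [
        (10, "SMS",         "MARKETING", "OUT", "2015-01-10"),
        (10, "MOBILE_CALL", "MARKETING", "IN",  "2015-03-01"),
        (12, "EMAIL",       "MARKETING", "IN",  "2014-02-01"),  # over 12 months old
    ])
    return conn


def may_contact(conn, contact_point_id, channel, purpose, today):
    """Decide per contact point, channel and purpose; `today` is an ISO date."""
    rule = conn.execute(
        "SELECT basis FROM channel_rule WHERE channel = ? AND purpose = ?",
        (channel, purpose)).fetchone()
    if rule is None:
        return False  # no rule modelled for this combination: fail closed
    pref = conn.execute(
        "SELECT choice, date(recorded_on, '+12 months') > ? FROM preference "
        "WHERE contact_point_id = ? AND channel = ? AND purpose = ?",
        (today, contact_point_id, channel, purpose)).fetchone()
    if rule[0] == "OPT_OUT":
        # Allowed unless the person has objected for this contact point.
        return pref is None or pref[0] != "OUT"
    # OPT_IN: needs a recorded opt-in that is less than 12 months old.
    return pref is not None and pref[0] == "IN" and bool(pref[1])


def may_contact_blanket(conn, party_id):
    """The party-level flag: one tick box silences every channel and purpose."""
    row = conn.execute(
        "SELECT do_not_contact FROM party WHERE party_id = ?",
        (party_id,)).fetchone()
    return row is not None and row[0] == 0


if __name__ == "__main__":
    conn = build_sample()
    for cp, ch in [(10, "SMS"), (10, "MOBILE_CALL"), (12, "EMAIL"), (11, "POSTAL")]:
        print(cp, ch, may_contact(conn, cp, ch, "MARKETING", "2015-06-01"))
    print("blanket flag allows contact:", may_contact_blanket(conn, 1))
```

With the blanket flag the customer is unreachable on every channel, while the granular model still permits the mobile call and the postal mailing and correctly blocks the SMS and the stale email consent.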
WHAT CAN WE LEARN FROM DATA MODEL
ABOUT PRIVACY IMPACTS?
DATA PRIVACY IN THE DMBOK WHEEL
© DAMA International, used with permission
WHAT IS DATA ARCHITECTURE IN DMBOK?
Definition:
Defining the data needs of the enterprise
and designing the master blueprints to
meet those needs.
Goals:
• To plan with vision and foresight to provide high quality data.
• To identify and define common data requirements.
• To design conceptual structures and plans to meet the current
and long-term data requirements of the enterprise.
Activities:
1. Understand Enterprise Information Needs
2. Develop and Maintain the Enterprise Data Model
3. Analyze and Align With Other Business Models
4. Define and Maintain the Data Technology Architecture
5. Define and Maintain the Data Integration Architecture
6. Define and Maintain the DW/BI Architecture
7. Define and Maintain Enterprise Taxonomies and Namespaces
8. Define and Maintain the Meta-data Architecture
Inputs:
• Business Goals
• Business Strategies
• Business Architecture
• Process Architecture
• IT Objectives
• IT Strategies
• Data Strategies
• Data Issues
• Data Needs
• Technical Architecture
Primary Deliverables:
• Enterprise Data Model
• Information Value Chain
Analysis
• Data Technology Architecture
• Data Integration / MDM
Architecture
• DW / BI Architecture
• Meta-data Architecture
• Enterprise Taxonomies and
Namespaces
• Document Management
Architecture
• Metadata
DATA PROTECTION: DATA ARCHITECTURE
THE ZACHMAN FRAMEWORK
Columns: What (Data) | How (Action) | Where (Location) | Who (Actor) | When (Event) | Why (Motivation)
Executive (Scope Context): Inventory Identification | Process Identification | Distribution Identification | Responsibility Identification | Timing Identification | Motivation Identification
Business Manager (Business Concepts): Inventory Definition | Process Definition | Distribution Definition | Responsibility Definition | Timing Definition | Motivation Definition
Architect (System Logic): Inventory Representation | Process Representation | Distribution Representation | Responsibility Representation | Timing Representation | Motivation Representation
Engineer (Technology Physics): Inventory Specification | Process Specification | Distribution Specification | Responsibility Specification | Timing Specification | Motivation Specification
Technician (Tool components): Inventory Configuration | Process Configuration | Distribution Configuration | Responsibility Configuration | Timing Configuration | Motivation Configuration
Enterprise: Inventory Instantiation | Process Instantiations | Distribution Instantiations | Responsibility Instantiations | Timing Instantiations | Motivation Instantiations
Bottom row: Inventory Sets | Process flows | Distribution Networks | Responsibility Assignments | Timing Cycles | Motivation Intentions
Based on the Zachman Framework and content from
Dennedy & Finneran’s Privacy Engineers Manifesto
THE ZACHMAN FRAMEWORK
What triggers need for data?
Timing Identification
Motivation Identification
• Why?
• Balancing priorities/goals
• Purpose spec
Specified data, specified purpose
Specified data, specified purpose
THE ZACHMAN FRAMEWORK
Data Classification IN CONTEXT
How does the purpose get executed?
THE ZACHMAN FRAMEWORK
Logical Schema
Process Maps / Data Flow
RACI Matrix
THE ZACHMAN FRAMEWORK
Where is your data stored?
What rules apply to that storage?
DATA PRIVACY IN THE DMBOK WHEEL
© DAMA International, used with permission
DATA PROTECTION: DATA GOVERNANCE
WHAT IS DATA GOVERNANCE IN DMBOK?
Definition:
The exercise of authority and
control (planning, monitoring, and
enforcement) over the management
of data assets.
Goals:
• To define, approve, and communicate data strategies, policies, standards, architecture, procedures,
and metrics.
• To track and enforce regulatory compliance and conformance to data policies, standards, architecture,
and procedures.
• To sponsor, track, and oversee the delivery of data management projects and services.
• To manage and resolve data related issues.
• To understand and promote the value of data assets.
Activities:
1. Data Management Planning
• Understand Strategic Enterprise Data Needs
• Develop and Maintain the Data Strategy
• Establish Data Professional Roles and Organizations
• Identify and Appoint Data Stewards
• Establish Data Governance and Stewardship Organizations
• Develop and Approve Data Policies, Standards, and Procedures
• Review and Approve Data Architecture
• Plan and Sponsor Data Management Projects and Services
• Estimate Data Asset Value and Associated Costs
2. Data Management Control
• Supervise Data Professional Organizations and Staff
• Coordinate Data Governance Activities
• Manage and Resolve Data Related Issues
• Monitor and Ensure Regulatory Compliance
• Monitor and Enforce Conformance With Data Policies, Standards, and Architecture
• Oversee Data Management Projects and Services
• Communicate and Promote the Value of Data Assets
Inputs:
• Business Goals
• Business Strategies
• IT Objectives
• IT Strategies
• Data Needs
• Data Issues
• Regulatory Requirements
Primary Deliverables:
• Data Policies
• Data Standards
• Resolved Issues
• Data Management Projects and
Services
• Quality Data and Information
• Recognized Data Value
SOME KEY GOVERNANCE FUNCTIONS FROM PRIVACY PERSPECTIVE
• Co-ordination of Data Privacy policies and standards
   - ISO29100 is a good core starting point
• Ensuring staff are trained
• Acting as “honest broker”
• Ensuring appropriate risk posture in relation to privacy compliance
• Ensuring processes for personal data are documented
• Ensuring key controls are defined, operate, and are validated
STEWARDSHIP FOR DATA PRIVACY
3DC Stewardship
Levels: Strategic | Operational | Tactical
Roles: Doers | Definers | Deciders | Co-ordinators
Defined not by WHERE they are in organisation, but by ROLE in relation to Information
A DATA STEWARDSHIP MIND MAP
Governance & Stewardship
• Data Use Steward (Doer/Definer): UX Requirements; Privacy Reporting; Screens & Reports Quality; Screen & Reports Content; Design & Aesthetics
• Data Governance Reqts (Co-ordinator): Data Standards Compliance; Use of Metadata Documentation; Metric Driven Quality Assurance; Data Management Structure
• Data Collection Steward (Doer/Definer): Data Classification (PII, Sensitive); Encryption; Business Content Rules; Privacy Rules
• Privacy Reqts Steward (Decider/Definer): Purpose; Notice; Consent; Transfer (3rd Party); Access/Correction/Deletion; Proportionality; Retention; Responsible Action
Based on work by M. Dennedy & Tom Finneran
THE DATA PROTECTION OFFICER ROLE
• On the Executive Board?
• Reporting to Executive Board?
• Must be Independent
• Technical and Business skills
• Accountable for the System of Governance
• “Statutory Tenure”
SOME FINAL CONCEPTS
PRIVACY BY DESIGN
What is it?
Privacy by Design is a philosophy for systems engineering
which takes privacy into account throughout the whole
engineering process.
Why is it Important?
Privacy by Design establishes 7 guiding principles for
development of systems that respect and enhance privacy as a
quality system
What is it?
It is just QUALITY MANAGEMENT applied to Information,
with PRIVACY as a “critical to quality” characteristic
PRIVACY BY DESIGN
'You cannot inspect
quality into a product.'
The quality is there or it
isn't by the time it's
inspected.
PRIVACY BY DESIGN
• Focus on defining processes & rules, not correcting errors
• Privacy as a quality characteristic
• A function of process design, not an afterthought
• Things need to work without undue invasion of privacy
• Information Asset Life Cycle thinking
• Communicate, Document, communicate more!
• Focus on the Customer – Customer determines Quality / Privacy
PRIVACY ENGINEERING
What is it?
Privacy Engineering is the discipline that ensures the
gathering and application of privacy requirements has
the same primacy as other ‘functional’ requirements in
processes and systems and incorporates them into the
project, product, system, or information life cycle.
Why is it Important? It is the glue that makes PBD operative in an organisation
What is it?
It is just QUALITY ENGINEERING applied to Information,
with PRIVACY as a “critical to quality” characteristic
ELEMENTS OF PRIVACY ENGINEERING MAPPED TO
JURAN
Enterprise Goals
User Goals
Privacy Policy
Requirements
Policies and
Procedures
Privacy
Mechanisms
Privacy Awareness
Training
Quality Assurance
QA Feedback
Improvement
ETHICAL INFORMATION
MANAGEMENT
THE NEW EIM
Society’s Ethical Framework
Organisation’s Ethical Framework
Regulation & Laws | Lobbying | Standards & Codes | Standard Practices
Columns: Business | Information | Technology
Strategic: Business Strategy & Governance | Information Strategy & Governance | IT Strategy & Governance
Tactical: Business Architecture & Planning | Information Architecture & Planning | Technology Architecture & Planning
Operations: Management & Execution of Business Processes | Management & Application of Information | Management & Exploitation of IT Services
Customer: Process Outcome, Information Outcome, Expectation, Customer Feedback, Customer Education


Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...
Cédric Laurant
 
Data protection act
Data protection act Data protection act
Data protection act
Iqbal Bocus
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentation
mlw32785
 

Destacado (19)

DMBOK 2.0 and other frameworks including TOGAF & COBIT - keynote from DAMA Au...
DMBOK 2.0 and other frameworks including TOGAF & COBIT - keynote from DAMA Au...DMBOK 2.0 and other frameworks including TOGAF & COBIT - keynote from DAMA Au...
DMBOK 2.0 and other frameworks including TOGAF & COBIT - keynote from DAMA Au...
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny Leroy
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...
 
Opensource apm scouter in practice
Opensource apm scouter in practiceOpensource apm scouter in practice
Opensource apm scouter in practice
 
Data privacy and digital strategy
Data privacy and digital strategyData privacy and digital strategy
Data privacy and digital strategy
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 
Data protection act
Data protection act Data protection act
Data protection act
 
Information security in big data -privacy and data mining
Information security in big data -privacy and data miningInformation security in big data -privacy and data mining
Information security in big data -privacy and data mining
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - English
 
CDMP preparation workshop EDW2016
CDMP preparation workshop EDW2016CDMP preparation workshop EDW2016
CDMP preparation workshop EDW2016
 
Data Privacy and Protection Presentation
Data Privacy and Protection PresentationData Privacy and Protection Presentation
Data Privacy and Protection Presentation
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 
Helpful Review Recommendation (리뷰 추천시스템)
Helpful Review Recommendation (리뷰 추천시스템)Helpful Review Recommendation (리뷰 추천시스템)
Helpful Review Recommendation (리뷰 추천시스템)
 
Naive bayes model을 활용한 영화 별점 예측 시스템
Naive bayes model을 활용한 영화 별점 예측 시스템Naive bayes model을 활용한 영화 별점 예측 시스템
Naive bayes model을 활용한 영화 별점 예측 시스템
 
2016 ISACA NACACS - Audit Privacy Considerations
2016 ISACA NACACS - Audit Privacy Considerations2016 ISACA NACACS - Audit Privacy Considerations
2016 ISACA NACACS - Audit Privacy Considerations
 
欧洲隐私与数据保护(EU privacy and data protection)
欧洲隐私与数据保护(EU privacy and data protection)欧洲隐私与数据保护(EU privacy and data protection)
欧洲隐私与数据保护(EU privacy and data protection)
 
Review of Data Management Maturity Models
Review of Data Management Maturity ModelsReview of Data Management Maturity Models
Review of Data Management Maturity Models
 

Similar a Data Privacy in the DMBOK - No Need to Reinvent the Wheel

Similar a Data Privacy in the DMBOK - No Need to Reinvent the Wheel (20)

Privacy Advisory Service
Privacy Advisory ServicePrivacy Advisory Service
Privacy Advisory Service
 
Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...
Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...
Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...
 
Privacy Law and Compliance Forum 2016
Privacy Law and Compliance Forum 2016Privacy Law and Compliance Forum 2016
Privacy Law and Compliance Forum 2016
 
Sabre: Mastering a strong foundation for operational excellence and enhanced ...
Sabre: Mastering a strong foundation for operational excellence and enhanced ...Sabre: Mastering a strong foundation for operational excellence and enhanced ...
Sabre: Mastering a strong foundation for operational excellence and enhanced ...
 
Gde presentation introduction 3.6
Gde presentation introduction 3.6Gde presentation introduction 3.6
Gde presentation introduction 3.6
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
 
GDPR and Data Quality - A Service Objects webinar
GDPR and Data Quality - A Service Objects webinarGDPR and Data Quality - A Service Objects webinar
GDPR and Data Quality - A Service Objects webinar
 
12123
1212312123
12123
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
 
Whos role is it anyway
Whos role is it anywayWhos role is it anyway
Whos role is it anyway
 
Festival of Marketing
Festival of MarketingFestival of Marketing
Festival of Marketing
 
Skylads - Big Data for Telcos
Skylads - Big Data for TelcosSkylads - Big Data for Telcos
Skylads - Big Data for Telcos
 
Key Considerations for Outsourcing Data Collection Services
Key Considerations for Outsourcing Data Collection ServicesKey Considerations for Outsourcing Data Collection Services
Key Considerations for Outsourcing Data Collection Services
 
The journey to trusted data and better decisions
The journey to trusted data and better decisionsThe journey to trusted data and better decisions
The journey to trusted data and better decisions
 
( Big ) Data Management - Governance - Global concepts in 5 slides
( Big ) Data Management - Governance - Global concepts in 5 slides( Big ) Data Management - Governance - Global concepts in 5 slides
( Big ) Data Management - Governance - Global concepts in 5 slides
 
How to Standardize Organization-Wide Data Collection
How to Standardize Organization-Wide Data CollectionHow to Standardize Organization-Wide Data Collection
How to Standardize Organization-Wide Data Collection
 
AWS Summit Singapore - Building DXC's Digital Insurance as a Service (DIaaS) ...
AWS Summit Singapore - Building DXC's Digital Insurance as a Service (DIaaS) ...AWS Summit Singapore - Building DXC's Digital Insurance as a Service (DIaaS) ...
AWS Summit Singapore - Building DXC's Digital Insurance as a Service (DIaaS) ...
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Why data governance is the new buzz?
Why data governance is the new buzz?Why data governance is the new buzz?
Why data governance is the new buzz?
 
2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant2019 06-19 convince customerspartnersboard gdpr-compliant
2019 06-19 convince customerspartnersboard gdpr-compliant
 

Más de DATAVERSITY

The Data Trifecta – Privacy, Security & Governance Race from Reactivity to Re...
The Data Trifecta – Privacy, Security & Governance Race from Reactivity to Re...The Data Trifecta – Privacy, Security & Governance Race from Reactivity to Re...
The Data Trifecta – Privacy, Security & Governance Race from Reactivity to Re...
DATAVERSITY
 
Data Strategy Best Practices
Data Strategy Best PracticesData Strategy Best Practices
Data Strategy Best Practices
DATAVERSITY
 

Más de DATAVERSITY (20)

Architecture, Products, and Total Cost of Ownership of the Leading Machine Le...
Architecture, Products, and Total Cost of Ownership of the Leading Machine Le...Architecture, Products, and Total Cost of Ownership of the Leading Machine Le...
Architecture, Products, and Total Cost of Ownership of the Leading Machine Le...
 
Data at the Speed of Business with Data Mastering and Governance
Data at the Speed of Business with Data Mastering and GovernanceData at the Speed of Business with Data Mastering and Governance
Data at the Speed of Business with Data Mastering and Governance
 
Exploring Levels of Data Literacy
Exploring Levels of Data LiteracyExploring Levels of Data Literacy
Exploring Levels of Data Literacy
 
Building a Data Strategy – Practical Steps for Aligning with Business Goals
Building a Data Strategy – Practical Steps for Aligning with Business GoalsBuilding a Data Strategy – Practical Steps for Aligning with Business Goals
Building a Data Strategy – Practical Steps for Aligning with Business Goals
 
Make Data Work for You
Make Data Work for YouMake Data Work for You
Make Data Work for You
 
Data Catalogs Are the Answer – What is the Question?
Data Catalogs Are the Answer – What is the Question?Data Catalogs Are the Answer – What is the Question?
Data Catalogs Are the Answer – What is the Question?
 
Data Catalogs Are the Answer – What Is the Question?
Data Catalogs Are the Answer – What Is the Question?Data Catalogs Are the Answer – What Is the Question?
Data Catalogs Are the Answer – What Is the Question?
 
Data Modeling Fundamentals
Data Modeling FundamentalsData Modeling Fundamentals
Data Modeling Fundamentals
 
Showing ROI for Your Analytic Project
Showing ROI for Your Analytic ProjectShowing ROI for Your Analytic Project
Showing ROI for Your Analytic Project
 
How a Semantic Layer Makes Data Mesh Work at Scale
How a Semantic Layer Makes  Data Mesh Work at ScaleHow a Semantic Layer Makes  Data Mesh Work at Scale
How a Semantic Layer Makes Data Mesh Work at Scale
 
Is Enterprise Data Literacy Possible?
Is Enterprise Data Literacy Possible?Is Enterprise Data Literacy Possible?
Is Enterprise Data Literacy Possible?
 
The Data Trifecta – Privacy, Security & Governance Race from Reactivity to Re...
The Data Trifecta – Privacy, Security & Governance Race from Reactivity to Re...The Data Trifecta – Privacy, Security & Governance Race from Reactivity to Re...
The Data Trifecta – Privacy, Security & Governance Race from Reactivity to Re...
 
Emerging Trends in Data Architecture – What’s the Next Big Thing?
Emerging Trends in Data Architecture – What’s the Next Big Thing?Emerging Trends in Data Architecture – What’s the Next Big Thing?
Emerging Trends in Data Architecture – What’s the Next Big Thing?
 
Data Governance Trends - A Look Backwards and Forwards
Data Governance Trends - A Look Backwards and ForwardsData Governance Trends - A Look Backwards and Forwards
Data Governance Trends - A Look Backwards and Forwards
 
Data Governance Trends and Best Practices To Implement Today
Data Governance Trends and Best Practices To Implement TodayData Governance Trends and Best Practices To Implement Today
Data Governance Trends and Best Practices To Implement Today
 
2023 Trends in Enterprise Analytics
2023 Trends in Enterprise Analytics2023 Trends in Enterprise Analytics
2023 Trends in Enterprise Analytics
 
Data Strategy Best Practices
Data Strategy Best PracticesData Strategy Best Practices
Data Strategy Best Practices
 
Who Should Own Data Governance – IT or Business?
Who Should Own Data Governance – IT or Business?Who Should Own Data Governance – IT or Business?
Who Should Own Data Governance – IT or Business?
 
Data Management Best Practices
Data Management Best PracticesData Management Best Practices
Data Management Best Practices
 
MLOps – Applying DevOps to Competitive Advantage
MLOps – Applying DevOps to Competitive AdvantageMLOps – Applying DevOps to Competitive Advantage
MLOps – Applying DevOps to Competitive Advantage
 

Último

FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
dlhescort
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
Renandantas16
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
Matteo Carbone
 

Último (20)

Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 

Data Privacy in the DMBOK - No Need to Reinvent the Wheel

  • 1. Castlebridge Associates | Invent Centre | DCU | Glasnevin | Dublin 9 | Ireland. Changing How People in Organisations Think about Information. DATA PRIVACY & THE DMBOK: NO NEED TO REINVENT THE WHEEL!
  • 2. Castlebridge Associates © 2015 | Castlebridge Associates | Confidential WHAT WE ARE GOING TO COVER: Why Data Privacy is Important; Data Privacy in the DMBOK; Some Other Concepts; Ethical Information Management
  • 3. WHY DATA PRIVACY IS IMPORTANT: SOME KEY TRENDS TO BE AWARE OF…
  • 4. People have entrusted us with their most personal information. We owe them nothing less than the best protections that we can possibly provide by harnessing the technology at our disposal. We must get this right. History has shown us that sacrificing our right to privacy can have dire consequences. Tim Cook, CEO Apple
  • 5. THE GLOBAL LEGISLATIVE TREND [Chart: Total Global Data Privacy Laws by decade: 1970s: 7; 1980s: 17; 1990s: 36; 2000s: 68; 2010-2015: 111] Within this, there is also continued evolution of existing Data Privacy laws (e.g. EU Data Protection Regulation)
  • 6. ONE KEY TREND… Global momentum toward the EU’s model of data privacy regulation has led to new laws and better protection for the consumer. Many non-EU countries have passed laws over the past 12 months that bring the world’s collective standards around data privacy closer to the high-water mark laid out by the EU’s overarching Privacy Directive. For instance, countries such as Malaysia and South Africa have recently passed new data privacy frameworks that closely follow the EU’s lead. South Africa has even gone one step farther and implemented provisions that will likely be implemented by the future EU Privacy Directive updates. - Forrester, August 2014
  • 7. A FRAMEWORK FOR THINKING ABOUT INFORMATION. Columns: Business; Information; Technology. Strategic: Business Strategy & Governance; Information Strategy & Governance; IT Strategy & Governance. Tactical: Business Architecture & Planning; Information Architecture & Planning; Technology Architecture & Planning. Operations: Management & Execution of Business Processes; Management & Application of Information; Management & Exploitation of IT Services. Customer: Process Outcome; Information Outcome; Expectation. Based on Amsterdam 9-box model by Prof. Rik Maes et al. Privacy is Here
  • 8. A SUMMARY MAPPING OF CORE PRINCIPLES EU Principle OECD Principle(s) AICPA FIPP Obtain Data Fairly Openness Notice; Choice and Consent Process for a Specified and Lawful Purpose Purpose Specification Collection Do not Process for an incompatible purpose Use Limitation Use, Retention, Disposal Ensure Data is Accurate, Complete, and Up-to-date Data Quality Quality Personal Data should be kept Safe and Secure Security Safeguards Security for Privacy; Disclosure Data must be adequate, relevant, not excessive Data Quality Quality Personal data must not be kept for longer than necessary for the specified purposes Use, Retention, Disposal Individuals have rights of access, rectification, erasure, blocking Individual participation Access Management; Monitoring & Enforcement Penalties & Civil liability & Enforcement Accountability Monitoring & Enforcement
  • 9. One Stop Shop KEY PROVISIONS OF THE DATA PROTECTION REGULATION Core 8 Principles + Accountability Principle + Transparency Principle + Article 7, 8 ECHR Increased Penalties Moves towards a “Risk Based” model Explicit Focus on Governance Principles Driven Principles Driven Enhanced Rights: Data Portability; RTBF; Risk & Penalty Mitigation Documentation Risk & Penalty Mitigation Fines as % of Global Turnover General Data Protection Regulation – 1 Slide Summary
  • 10. WHY DOES IT MATTER?
  • 11. DATA PRIVACY IN THE DMBOK
  • 12. DATA PRIVACY IN THE DMBOK WHEEL © DAMA International, used with permission
  • 13. DATA PRIVACY IN THE DMBOK WHEEL Remember to Respect Copyright
  • 14. DATA PRIVACY IN THE DMBOK WHEEL © DAMA International, used with permission
  • 15. DATA PROTECTION THROUGH THE DG/IQ LENS Current EU Data Protection Directive 95/46/EC
  • 16. DATA PROTECTION: PRINCIPLES Principle Governance Quality Personal data which is being processed must be fairly obtained and processed X Personal Data shall be obtained for a Specified and Lawful Purpose X Personal Data shall not be processed in a manner incompatible with the specified purpose X Personal Data shall be kept accurate and complete and, where necessary, kept up to date X Personal Data should be kept Safe & Secure X Data processed must be adequate, relevant and not excessive X X Personal data should not be kept for longer than necessary for the specified purpose or purposes X X Data Subjects have a right of Access. X
  • 17. DATA PROTECTION: QUALITY PRINCIPLES Principle Governance Quality Personal data which is being processed must be fairly obtained and processed X Personal Data shall be obtained for a Specified and Lawful Purpose X Personal Data shall not be processed in a manner incompatible with the specified purpose X Personal Data shall be kept accurate and complete and, where necessary, kept up to date X Personal Data should be kept Safe & Secure X Data processed must be adequate, relevant and not excessive X X Personal data should not be kept for longer than necessary for the specified purpose or purposes X X Data Subjects have a right of Access. X
  • 18. WHAT IS DATA QUALITY IN DMBOK? Definition: Planning, implementation, and control activities that apply quality management techniques to measure, assess, improve, and ensure the fitness of data for use. Goals: • To measurably improve the quality of data in relation to defined business expectations. • To define requirements and specifications for integrating data quality control into the system development lifecycle. • To provide defined processes for measuring, monitoring, and reporting conformance to acceptable levels of data quality. Activities: 1. Develop and Promote Data Quality Awareness 2. Define Data Quality Requirements 3. Profile, Analyze, and Assess Data Quality 4. Define Data Quality Metrics 5. Define Data Quality Business Rules 6. Test and Validate Data Quality Requirements 7. Set and Evaluate Data Quality Service Levels 8. Continuously Measure and Monitor Data Quality 9. Manage Data Quality Issues 10. Clean and Correct Data Quality Defects 11. Design and Implement Operational DQM Procedures 12. Monitor Operational DQM Procedures and Performance Inputs: • Business Requirements • Data Requirements • Data Quality Expectations • Data Policies and Standards • Business Metadata • Technical Metadata • Data Sources and Data Stores Primary Deliverables: • Improved Quality Data • Data Management • Operational Analysis • Data Profiles • Data Quality Certification Reports • Data Quality Service Level Agreements Metrics: • Data Value Statistics • Errors / Requirement Violations • Conformance to Expectations • Conformance to Service Levels Tools: • Data Profiling Tools • Statistical Analysis Tools • Data Cleansing Tools • Data Integration Tools • Issue and Event Management Tools
  • 19. EXAMPLE: MARKETING CONSENTS EXPIRE AFTER 12 MONTHS [Chart: Marketing, percentage by months since last contact (12 months or over; 10-12 months; 6-9 months; 3-6 months; 0-3 months). ePrivacy Directive ConsentTracker] 30% x Avg uplift of €10 per campaign, 10% success rate, 1.2 million customers
  • 20. DATA PRIVACY IN THE DMBOK WHEEL © DAMA International, used with permission
  • 21. DATA PROTECTION: DATA DEVELOPMENT Principle Governance Quality Personal data which is being processed must be fairly obtained and processed X Personal Data shall be obtained for a Specified and Lawful Purpose X Personal Data shall not be processed in a manner incompatible with the specified purpose X Personal Data shall be kept accurate and complete and, where necessary, kept up to date X Personal Data should be kept Safe & Secure X Data processed must be adequate, relevant and not excessive X X Personal data should not be kept for longer than necessary for the specified purpose or purposes X X Data Subjects have a right of Access. X
  • 22. WHAT IS DATA DEVELOPMENT IN DMBOK? Definition: Designing, implementing, and maintaining solutions to meet the data needs of the enterprise. Goals: • Identify and define data requirements. • Design data structures and other solutions to these requirements. • Implement and maintain solution components that meet these requirements. • Ensure solution conformance to data architecture and standards as appropriate. • Ensure the integrity, security, usability, and maintainability of structured data assets. Activities: 1. Data Modelling, Analysis and Solution Design • Analyze Information Requirements • Develop and Maintain Conceptual Data Models • Develop and Maintain Logical Data Models • Develop and Maintain Physical Data Models 2. Detailed Data Design • Design Physical Databases • Design Information Products • Design Data Access Services • Design Data Integration Services 3. Data Model and Design Quality Management • Develop Data Modeling and Design Standards • Review Data Model and Database Design Quality • Manage Data Model Versioning and Integration 4. Data Implementation • Build and test Data Access Services • Validate Information Requirements Inputs: • Business Goals and Strategies • Data Needs and Strategies • Data Standards • Data Architecture • Process Architecture • Application Architecture • Technical Architecture Primary Deliverables: • Data Requirements and Business Rules • Conceptual Data Models • Logical Data Models and Specifications • Physical Data Models and Specifications • Meta-data (Business and Technical) • Data Access Services
  • 23. HOW DATA DEVELOPMENT AFFECTS PRIVACY
      Obtain, Storage, Store/Share, Apply
  • 24. HOW DATA DEVELOPMENT AFFECTS PRIVACY - EXAMPLE
      • EU e-marketing rules require explicit Opt-in consent for calls to mobiles and for SMS marketing
      • Fixed line is Opt-out
      • Data Modelling decision required here…
  • 25. HOW DATA DEVELOPMENT AFFECTS PRIVACY - EXAMPLE
      Purposes: Marketing, Service Delivery, Other
      • Call: Marketing: Opt-in. Service Delivery: Record opt-in for service delivery calls. Other: Is this a nominated contact for that purpose?
      • SMS: Marketing: Opt-in. Service Delivery: Record opt-in for service delivery calls. Other: Is this a nominated contact for that purpose?
      • Call: Marketing: Opt Out. Service Delivery: Record opt-in for service delivery calls. Other: Is this a nominated contact for that purpose?
      • Email: Marketing: Opt-in. Service Delivery: Record opt-in for service delivery calls. Other: Is this a nominated contact for that purpose?
      • Postal: Marketing: Opt-Out. Service Delivery: Record opt-in for service delivery calls. Other: Is this a nominated contact for that purpose?
  • 26. HOW DATA DEVELOPMENT AFFECTS PRIVACY – A KISS OF DEATH TO USEABLE DATA…
      "Please tick this box if you would like us to not contact you"
      Blanket Opt-Outs applied at the PARTY Entity level, not at the contact point or in the context of a specific purpose…
  • 27. WHAT CAN WE LEARN FROM DATA MODEL ABOUT PRIVACY IMPACTS?
  • 28. DATA PRIVACY IN THE DMBOK WHEEL © DAMA International, used with permission
  • 29. WHAT IS DATA ARCHITECTURE IN DMBOK?
      Definition: Defining the data needs of the enterprise and designing the master blueprints to meet those needs.
      Goals:
      • To plan with vision and foresight to provide high quality data.
      • To identify and define common data requirements.
      • To design conceptual structures and plans to meet the current and long-term data requirements of the enterprise.
      Activities:
      1. Understand Enterprise Information Needs
      2. Develop and Maintain the Enterprise Data Model
      3. Analyze and Align With Other Business Models
      4. Define and Maintain the Data Technology Architecture
      5. Define and Maintain the Data Integration Architecture
      6. Define and Maintain the DW/BI Architecture
      7. Define and Maintain Enterprise Taxonomies and Namespaces
      8. Define and Maintain the Meta-data Architecture
      Inputs:
      • Business Goals
      • Business Strategies
      • Business Architecture
      • Process Architecture
      • IT Objectives
      • IT Strategies
      • Data Strategies
      • Data Issues
      • Data Needs
      • Technical Architecture
      Primary Deliverables:
      • Enterprise Data Model
      • Information Value Chain Analysis
      • Data Technology Architecture
      • Data Integration / MDM Architecture
      • DW / BI Architecture
      • Meta-data Architecture
      • Enterprise Taxonomies and Namespaces
      • Document Management Architecture
      • Metadata
  • 30. DATA PROTECTION: DATA ARCHITECTURE
      Table columns: Principle, Governance, Quality
      • Personal data which is being processed must be fairly obtained and processed: X
      • Personal Data shall be obtained for a Specified and Lawful Purpose: X
      • Personal Data shall not be processed in a manner incompatible with the specified purpose: X
      • Personal Data shall be kept accurate and complete and, where necessary, kept up to date: X
      • Personal Data should be kept Safe & Secure: X
      • Data processed must be adequate, relevant and not excessive: X X
      • Personal data should not be kept for longer than necessary for the specified purpose or purposes: X X
      • Data Subjects have a right of Access: X
  • 32. THE ZACHMAN FRAMEWORK
      Executive, Business Manager, Architect, Engineer, Technician
      How (Action), Why (Motivation), Where (Location), When (Event), Who (Actor), What (Data)
      Enterprise, Scope Context, Business Concepts, System Logic, Technology Physics, Tool components, Enterprise
      • Inventory Identification, Inventory Definition, Inventory Representation, Inventory Specification, Inventory Configuration, Inventory Instantiation
      • Process Identification, Process Definition, Process Representation, Process Specification, Process Configuration, Process Instantiations
      • Distribution Identification, Distribution Definition, Distribution Representation, Distribution Specification, Distribution Configuration, Distribution Instantiations
      • Responsibility Identification, Responsibility Definition, Responsibility Representation, Responsibility Specification, Responsibility Configuration, Distribution Instantiations
      • Timing Identification, Timing Definition, Timing Representation, Timing Specification, Timing Configuration, Timing Instantiations
      • Motivation Identification, Motivation Definition, Motivation Representation, Motivation Specification, Motivation Configuration, Motivation Instantiations
      Inventory Sets, Process flows, Distribution Networks, Responsibility Assignments, Timing Cycles, Motivation Intentions
      Based on the Zachman Framework and content from Dennedy & Finneran’s Privacy Engineers Manifesto
  • 33. THE ZACHMAN FRAMEWORK (grid as on slide 32)
      • What triggers need for data?
      • Timing Identification
      • Motivation Identification
         • Why?
         • Balancing priorities/goals
         • Purpose spec
      • Specified data, specified purpose
      Based on the Zachman Framework and content from Dennedy & Finneran’s Privacy Engineers Manifesto
  • 34. THE ZACHMAN FRAMEWORK (grid as on slide 32)
      • Data Classification IN CONTEXT
      • How does the purpose get executed?
      Based on the Zachman Framework and content from Dennedy & Finneran’s Privacy Engineers Manifesto
  • 35. THE ZACHMAN FRAMEWORK (grid as on slide 32)
      • Logical Schema
      • Process Maps / Data Flow
      • RACI Matrix
      Based on the Zachman Framework and content from Dennedy & Finneran’s Privacy Engineers Manifesto
  • 36. THE ZACHMAN FRAMEWORK (grid as on slide 32)
      • Where is your data stored?
      • What rules apply to that storage?
      Based on the Zachman Framework and content from Dennedy & Finneran’s Privacy Engineers Manifesto
  • 37. DATA PRIVACY IN THE DMBOK WHEEL © DAMA International, used with permission
  • 38. DATA PROTECTION: DATA GOVERNANCE
      Table columns: Principle, Governance, Quality
      • Personal data which is being processed must be fairly obtained and processed: X
      • Personal Data shall be obtained for a Specified and Lawful Purpose: X
      • Personal Data shall not be processed in a manner incompatible with the specified purpose: X
      • Personal Data shall be kept accurate and complete and, where necessary, kept up to date: X
      • Personal Data should be kept Safe & Secure: X
      • Data processed must be adequate, relevant and not excessive: X X
      • Personal data should not be kept for longer than necessary for the specified purpose or purposes: X X
      • Data Subjects have a right of Access: X
  • 39. WHAT IS DATA GOVERNANCE IN DMBOK?
      Definition: The exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets.
      Goals:
      • To define, approve, and communicate data strategies, policies, standards, architecture, procedures, and metrics.
      • To track and enforce regulatory compliance and conformance to data policies, standards, architecture, and procedures.
      • To sponsor, track, and oversee the delivery of data management projects and services.
      • To manage and resolve data related issues.
      • To understand and promote the value of data assets.
      Activities:
      1. Data Management Planning
         • Understand Strategic Enterprise Data Needs
         • Develop and Maintain the Data Strategy
         • Establish Data Professional Roles and Organizations
         • Identify and Appoint Data Stewards
         • Establish Data Governance and Stewardship Organizations
         • Develop and Approve Data Policies, Standards, and Procedures
         • Review and Approve Data Architecture
         • Plan and Sponsor Data Management Projects and Services
         • Estimate Data Asset Value and Associated Costs
      2. Data Management Control
         • Supervise Data Professional Organizations and Staff
         • Coordinate Data Governance Activities
         • Manage and Resolve Data Related Issues
         • Monitor and Ensure Regulatory Compliance
         • Monitor and Enforce Conformance With Data Policies, Standards, and Architecture
         • Oversee Data Management Projects and Services
         • Communicate and Promote the Value of Data Assets
      Inputs:
      • Business Goals
      • Business Strategies
      • IT Objectives
      • IT Strategies
      • Data Needs
      • Data Issues
      • Regulatory Requirements
      Primary Deliverables:
      • Data Policies
      • Data Standards
      • Resolved Issues
      • Data Management Projects and Services
      • Quality Data and Information
      • Recognized Data Value
  • 40. SOME KEY GOVERNANCE FUNCTIONS FROM PRIVACY PERSPECTIVE
      • Co-ordination of Data Privacy policies and standards
      • ISO29100 is a good core starting point
      • Ensuring staff are trained
      • Acting as “honest broker”
      • Ensuring appropriate risk posture in relation to privacy compliance
      • Ensuring processes for personal data are documented
      • Ensuring key controls are defined, operate, and are validated
  • 41. STEWARDSHIP FOR DATA PRIVACY
      Strategic, Operational, Tactical
      Doers, Definers, Deciders, Co-ordinators
      3DC Stewardship: Defined not by WHERE they are in organisation, but by ROLE in relation to Information
  • 42. A DATA STEWARDSHIP MIND MAP
      Governance & Stewardship
      • Data Use Steward (Doer/Definer): UX Requirements; Privacy Reporting Screens & Reports; Quality Screen & Reports; Content Design & Aesthetics
      • Data Governance Reqts (Co-ordinator): Data Standards Compliance; Use of Metadata; Documentation; Metric Driven Quality Assurance; Data Management Structure
      • Data Collection Steward (Doer/Definer): Data Classification (PII, Sensitive); Encryption; Business Content Rules; Privacy Rules
      • Privacy Reqts Steward (Decider/Definer): Purpose; Notice; Consent; Transfer (3rd Party); Access/Correction/Deletion; Proportionality; Retention; Responsible Action
      Based on work by M. Dennedy & Tom Finneran
  • 43. THE DATA PROTECTION OFFICER ROLE
      • On the Executive Board?
      • Reporting to Executive Board?
      • Must be Independent
      • Technical and Business skills
      • Accountable for the System of Governance
      • “Statutory Tenure”
  • 44. SOME FINAL CONCEPTS
  • 45. PRIVACY BY DESIGN
      What is it? Privacy by Design is a philosophy for systems engineering which takes privacy into account throughout the whole engineering process.
      Why is it Important? Privacy by Design establishes 7 guiding principles for development of systems that respect and enhance privacy as a quality system
      What is it? It is just QUALITY MANAGEMENT applied to Information, with PRIVACY as a “critical to quality” characteristic
  • 46. PRIVACY BY DESIGN
      'You cannot inspect quality into a product.' The quality is there or it isn't by the time it's inspected.
  • 47. PRIVACY BY DESIGN
      • Focus on defining processes & rules, not correcting errors
      • Privacy as a quality characteristic
      • A function of process design, not an afterthought
      • Things need to work without undue invasion of privacy
      • Information Asset Life Cycle thinking
      • Communicate, Document, communicate more!
      • Focus on the Customer – Customer determines Quality / Privacy
  • 48. PRIVACY ENGINEERING
      What is it? Privacy Engineering is the discipline that ensures the gathering and application of privacy requirements has the same primacy as other ‘functional’ requirements in processes and systems and incorporates them into the project, product, system, or information life cycle.
      Why is it Important? It is the glue that makes PBD operative in an organisation
      What is it? It is just QUALITY ENGINEERING applied to Information, with PRIVACY as a “critical to quality” characteristic
  • 49. ELEMENTS OF PRIVACY ENGINEERING MAPPED TO JURAN
      Enterprise Goals; User Goals; Privacy Policy; Requirements; Policies and Procedures; Privacy Mechanisms; Privacy Awareness Training; Quality Assurance; QA Feedback; Improvement
  • 50. ETHICAL INFORMATION MANAGEMENT: THE NEW EIM
  • 51. Diagram:
      Society’s Ethical Framework; Organisation’s Ethical Framework; Regulation & Laws; Lobbying; Standards & Codes; Standard Practices
      Columns: Business, Information, Technology
      • Strategic: Business Strategy & Governance; Information Strategy & Governance; IT Strategy & Governance
      • Tactical: Business Architecture & Planning; Information Architecture & Planning; Technology Architecture & Planning
      • Operations: Management & Execution of Business Processes; Management & Application of Information; Management & Exploitation of IT Services
      • Customer: Process Outcome; Information Outcome; Customer Feedback; Customer Education; Expectation
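
Slides 24 to 26 leave the data-modelling decision open. The sketch below is an added example, not code from the deck: it records each choice per contact point and purpose rather than as one flag on the party, and applies the marketing defaults from slide 25. Table, channel and purpose names are assumptions, as is the rule that non-marketing purposes need a recorded opt-in.

```python
import sqlite3

# Marketing consent regime per channel, from slides 24-25. Channel names are
# illustrative assumptions, not identifiers from the deck.
MARKETING_REGIME = {"mobile_call": "opt-in", "sms": "opt-in", "email": "opt-in",
                    "fixed_call": "opt-out", "postal": "opt-out"}

SCHEMA = """
CREATE TABLE party (party_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE contact_point (
    contact_point_id INTEGER PRIMARY KEY,
    party_id INTEGER NOT NULL REFERENCES party(party_id),
    channel TEXT NOT NULL,
    address TEXT NOT NULL);
-- The choice is keyed by contact point AND purpose, never by party alone.
CREATE TABLE preference (
    contact_point_id INTEGER NOT NULL REFERENCES contact_point(contact_point_id),
    purpose TEXT NOT NULL,
    choice TEXT NOT NULL CHECK (choice IN ('opt-in', 'opt-out')),
    recorded_at TEXT NOT NULL,
    PRIMARY KEY (contact_point_id, purpose));
"""

def may_contact(db, contact_point_id, purpose):
    """True only if this contact point may be used for this purpose."""
    cp = db.execute("SELECT channel FROM contact_point WHERE contact_point_id = ?",
                    (contact_point_id,)).fetchone()
    if cp is None:
        return False                      # unknown contact point: fail closed
    pref = db.execute("SELECT choice FROM preference "
                      "WHERE contact_point_id = ? AND purpose = ?",
                      (contact_point_id, purpose)).fetchone()
    if pref is not None:
        return pref[0] == "opt-in"        # an explicit recorded choice always wins
    if purpose == "marketing":
        # No recorded choice: only opt-out channels are usable by default.
        return MARKETING_REGIME.get(cp[0]) == "opt-out"
    return False  # assumption: other purposes need a recorded opt-in/nomination

def contactable_channels(db, party_id, purpose):
    rows = db.execute("SELECT contact_point_id, channel FROM contact_point "
                      "WHERE party_id = ? ORDER BY channel", (party_id,)).fetchall()
    return [ch for cp_id, ch in rows if may_contact(db, cp_id, purpose)]

def build_sample():
    """Constructed sample data: one party, five contact points, three choices."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO party VALUES (1, 'Sample Customer')")
    db.executemany("INSERT INTO contact_point VALUES (?, 1, ?, ?)", [
        (1, "mobile_call", "mobile-number-placeholder"),
        (2, "sms", "mobile-number-placeholder"),
        (3, "fixed_call", "landline-placeholder"),
        (4, "email", "customer@example.com"),
        (5, "postal", "postal-address-placeholder")])
    db.executemany("INSERT INTO preference VALUES (?, ?, ?, '2015-01-01')", [
        (1, "service_delivery", "opt-in"),   # agreed to service calls on mobile
        (3, "marketing", "opt-out"),         # declined marketing calls on landline
        (4, "marketing", "opt-in")])         # agreed to marketing e-mail
    return db

if __name__ == "__main__":
    for purpose in ("marketing", "service_delivery"):
        print(purpose, contactable_channels(build_sample(), 1, purpose))
```

A single do-not-contact flag on the party row could not express this sample: the same person declines marketing calls on the landline, accepts marketing e-mail, and still wants service delivery calls on the mobile.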