CIPM Exam Questions With Complete Solutions.
Privacy vision and mission - Statement of an org that concisely communicates its stance on privacy to all stakeholders

3 things to create a company vision - 1. Get knowledge on privacy approaches 2. Evaluate intended objective 3. Get sponsor approval

Elements within a privacy vision - 1. Value of privacy to the org 2. Org objectives 3. Strategies to achieve intended outcomes 4. Roles/responsibilities

Considerations when developing privacy strategy (3) - 1. Business alignment 2. Develop a data governance strategy for PI 3. Plan inquiry/complaint handling procedures

Components of data governance (4) - Collection, access, authorized use, destruction

Structure of privacy team in large orgs - Chief privacy officer, privacy manager, privacy analyst, business line privacy leaders, first responders

Privacy "team" for a small org - Sole data protection officer

Once strategy is defined, org can move to develop - Privacy program framework

Stuff a privacy program is responsible for (7) - Education/awareness, monitoring regulation, internal policy compliance, data inventories/flows/classification, PIAs, incident response, remediation, audits

How to implement the privacy program framework (2) - Communicate to internal/external stakeholders, ensure alignment with laws/regs

Privacy strategy vs framework - Strategy is the why / goals. Framework is the what / form and structure

Privacy frameworks provide ___________ ________ that guide privacy team through privacy mgmt - Implementation roadmaps

Benefits of privacy program framework (4) - Reduce risk, avoid/plan for incidents, sustain market value and rep, provide measurements in compliance with laws and standards

Privacy framework is used loosely to describe 4 things that guide the privacy professional in program mgmt - Processes, templates, tools, laws/standards

5 things useful for effective policy lifecycle - 1. Inward facing policies that are simple to understand 2. Get approval from decision makers and stakeholders 3. Socialize policies to all employees 4. Train employees and enforce policies 5. Review/revise policies at least annually, after a breach or when business circumstances change

Privacy governance may be (3 things) - 1. Localized 2. Centralized 3. Hybrid

Hybrid privacy governance model - Combines localized and centralized. Most common when large org assigns someone to be responsible for privacy of the rest of the org

Local/decentralized privacy governance - Decision making is delegated to the lower levels of the org.

Centralized privacy governance - One team or person is responsible for privacy related affairs. Works best in orgs with single channel functions with planning and decision making
Written for
- Institution: CIPM
- Course: CIPM
Document information
- Uploaded on: December 4, 2023
- Number of pages: 13
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers