Privacy in Practice

Privacy is not just the right to be left alone, but also the right to autonomy, control, and access to your personal data. This book aims at helping privacy leaders, professionals and organizations in establishing a unified, integrated, privacy program, both on a personal and enterprise-wide level.

Autorentext

Mr. Alan Tang has extensive experience devoted to privacy and security practices. Dr. Tang specializes in establishing and operationalizing risk-based and actionable privacy frameworks and programs in alignment with global privacy laws, regulations, and standards such as GDPR, CCPA/CPRA, PIPEDA, PIPL, LGPD, GAPP, ISO 27701, and NIST PF, etc. He believes in simplifying, automating, and scaling privacy controls to enable business growth.

Dr. Tang has firsthand experience in implementing an enterprise-wide, unified privacy framework and program for a Fortune 50 international company. The privacy framework has been implemented in 50+ countries through three phases. He has a strong history of working with business leaders in a wide range of privacy-related domains such as privacy strategy and roadmap, PIA and DPIA, privacy policies and procedures, privacy-by-design in SDLC, data subject rights assurance, data retention, data disclosure and sharing, data cross-border transfer, data security protection, privacy awareness training, data breach handling, etc.

Dr. Tang holds a Ph.D. degree in Information Security and an MBA degree. Alan also holds numerous privacy and security designations including FIP, CIPP/E, CIPP/US/C, CIPM, CIPT, CISSP, CISA, PMP, and previously ISO27001LA and PCI DSS QSA.

Inhalt

Part 1: Privacy Basics and Landscape, 1. Privacy Concept and a Brief History, 2. Legal Systems, World Models, and Landscape, 3. GDPR, CCPA/CPRA, PIPL and PIPEDA, 4. Privacy Best Practices, Standards, and Certifications, Part 2: Business Impact and a Holistic Framework, 5. Data Protection Drivers and Challenges, 6. Unified Data Protection Framework, 7. Privacy Program Assessment and Roadmap, 8. Privacy Program Management Metrics and Tools, Part 3: Privacy Governance, 9. Data Protection Legal Mandate and Business Requirements, 10. Governance Structure and Responsibilities, 11. Privacy Policies and Procedures, 12. Privacy Awareness, Training, and Engagement, Part 4: Privacy Operations, 13. Privacy Impact Assessment (PIA), 14. Record of Processing Activities, 15. Privacy Notice, 16. Lawful Basis, 17. Data Collection, 18. Data Usage and Maintenance, 19. Personal Data Sharing, 20. Data Residency and Cross-Border Transfers, 21. Data Retention and De-Identification, 22. Security of Personal Data Processing, Part 5: High-Risk Business Scenarios, 23. PbD in Marketing Practices, 24. Workforce Data Protection, 25. Protection of Children's Data, 26. PbD for AI Solutions, Part 6: Data Breach Handling and DPA Cooperation, 27. Data Subject Rights, Inquiries, and Complaints, 28. Data Breach Handling, 29. DPA Cooperation