©2022, International Association of Privacy Professionals, Inc. (IAPP)

PRIVACY IN TECHNOLOGY ONLINE TRAINING TRANSCRIPT

MODULE 2: THE ROLE OF THE TECHNOLOGY PROFESSIONAL IN PRIVACY

Introduction

More and more our physical lives are merging with our digital ones. Our world is increasingly reliant on and held in an electronic format of some kind: as consumers, employees, students, patients, social media users or web surfers. Often our personal information is collected even when we are not actively participating. While more laws that aim to protect personal information are constantly emerging, expectations around privacy often go beyond what the law allows or what a company may state in its privacy notice. Privacy technologists are challenged with looking at their technology ecosystems through a privacy lens and designing systems that protect and preserve personal information.

For an organization to establish a culture of trust and integrity, it must begin by setting forth a solid foundation that carefully considers the needs and values of the individuals whose information it holds. The policies an organization has in place and the processes by which it executes those policies should support that foundation. Module 2 looks at the privacy components of an organization and the role of privacy technologists within the technology ecosystem.

Fundamentals of privacy-related IT

Learning objective
• Summarize the fundamentals of privacy-related technology

Privacy notices

A privacy notice is an external instrument published by an organization’s IT team that informs consumers, suppliers, business partners and individuals about the organization’s information privacy practices, values and commitments. Organizations must determine when to notify users of their agreement, for example, as soon as one enters the website, or prior to the collection of any personal information.
Additionally, an organization’s IT team can communicate these notices using different methods depending on the type of information or services they are providing. Examples include requiring users to check a box indicating agreement to the privacy notice before entering the site or purchasing a product, or simply posting a conspicuous link to the privacy notice on the website. Prior to design, organizations must be aware of any legal and industry requirements regarding privacy notices as well as consumers’ expectations of the handling of their personal information.

Privacy policies

A privacy policy is different than a privacy notice. We have discussed that privacy notices are external communications used to inform outside parties about an organization’s use of personal information. In contrast, privacy policies are internal statements designed to communicate best privacy practices and what information handling guidelines to follow, and when, for those within an organization. Policies address privacy and security, data management and data loss prevention.

Privacy policies should be documented, easily accessible, and kept up-to-date, and all employees should be familiar with them. It is also important that these policies are endorsed and enforced by management and executives of the company. Designing internal policies is an integral part of preventing the loss or misuse of sensitive data.

Security policies

Adequate privacy protection of personal information is contingent on the quality of an internal security policy. A well-functioning internal security policy prevents unauthorized or unnecessary access to corporate data or resources—including intellectual property, financial data and personal information. Physical security measures, such as locks, safes, cameras and fences, offer further protections from both internal and external threats.
Organizations should consider going beyond their minimal requirements for security, as consumer expectations dictate. Well-managed processes raise customer satisfaction and build consumer trust. Technical controls that secure company data will be discussed in greater depth in module 4.

Examine the ways in which measures are put in place to secure data.

Data classification policies: Policies need to be established and enforced for both granting and revoking access to assets and information according to their classification. Employees that handle sensitive data should have their own user accounts that are secured by authentication mechanisms. These accounts should only be used to perform the user’s specific job functions.

Data schema: A data schema is used to separate customer information. It formulates all the constraints to be applied on the data, defines its entities and the relationships among them. Access to database schemas is only available to those who need to see the information. For example, purchase history can be separated from personal information. Access to personal information may require a specific customer ID.

Data retention: Laws and regulations may require data to be stored for a specific amount of time. Establish data retention schedules early in the system development life cycle. Backup storage devices must also be considered. Remove data on a periodic basis when older data is no longer of use toward a business’s objectives.

Data deletion: When data is no longer needed, remove data and any derivatives from the system, ensuring that recovery methods are also removed.

Data inventories (1)

Keeping an inventory of data helps to protect privacy adequately. This means knowing what data is collected, how it is handled, where it is stored, and how it is classified. Knowledge of data and its characteristics is a key part of the privacy technologist’s job.
Data should be regularly monitored and inventoried, and device upgrades and updates should also be performed as necessary. This includes software updates, security patches or even replacing obsolete technology.

Data inventories (2)

Analyzing and interpreting data so that it can be classified and organized into information categories is an essential step. Common categories take the form of information assets, physical assets and intellectual property. Assets are then classified as confidential, internal use or public. Classifying and categorizing data enables an organization to properly manage and protect the assets in its possession. It can then assign owners to specific classifications of assets.

Select each for a brief definition.

Types of assets
• Information assets: Customer and employee data as well as backup copies of data stored either on-site or off-site
• Physical assets: Servers, workstations, laptops, portable storage devices, backup media, paper files
• Intellectual property: Software code, trade secrets, brand

Asset classifications
• Confidential: Information that should remain secure and private: customer information, employee Social Security numbers, payment account information
• Internal use: Business information intended for internal use only: company contact directories, business plans, sales forecasts, proprietary software codes
• Public: Information that can be safely shared with the public: physical address, marketing materials, customer service information

Contracts and agreements

When collected data is shared with third-party vendors, it should be handled in accordance with the commitments made to the data subject and data owner regardless of where their personal information is located or how it is used. Third-party contracts should be detailed with clear expectations of how data is to be managed while in their possession as well as the roles and responsibilities of vendors.
Often organizations have obligations to specific compliance regulations that must be included in third-party contracts. For example, under the GDPR there is a specific set of guidelines that must be adhered to when issuing third-party contracts. It should also be made clear that the organization can perform audits on third-party vendors to ensure compliance. Penalties for breach of contract by a third-party vendor or contractor should sufficiently compensate the organization for any negative repercussions that a breach would cause.

Risk analysis can assess the vulnerabilities of personal information that is in the hands of third parties and can inform privacy technologists on what actions need to be performed in an effort to mitigate these vulnerabilities and threats. These actions can include implementing controls such as separating collected data according to who is processing it, using data schemas, or requiring acceptance of enforcement policies when data is collected in the cloud.

Privacy impact assessments (PIAs)

A privacy impact assessment (PIA) is an analysis of how personal information is handled throughout the data life cycle within an organization. A PIA ensures that organizations apply legal, regulatory and policy requirements regarding privacy, assesses privacy risks, and recommends methods of risk mitigation. A significant goal of performing a PIA is to compel an organization to think about the choices it makes for its processes and how those choices will impact privacy. Privacy technologists can utilize the findings of a PIA to determine whether privacy risk is appropriately addressed using the privacy policies and procedures.

Data protection impact assessments (DPIAs)

Similarly, a data protection impact assessment (DPIA) is a structured approach to understanding and mitigating potential risks to individuals’ data you process. DPIAs are a requirement under certain privacy regulations and should be implemented prior to a new processing operation being put into effect.
For example: A PIA would be used to identify the legalities, regulations and policies a system is processing with and to identify necessary mitigation, while a DPIA is used to determine how information covered by a PIA is protected and to identify any necessary mitigation. In the EU, the term DPIA has specific legal provisions as set out in the GDPR, although it is sometimes used synonymously with PIA.

Select here for more resources on the different forms of privacy impact assessments. (Link: https://iapp.org/resources/topics/privacy-impact-assessment-2/#featured-resources)

Perspectives: What are the best examples of preparedness?

Liisa Thomas, Partner and Lead, Privacy and Cybersecurity Team, Sheppard Mullin

So, what are the best examples of preparedness? Teams that work well together is a phenomenal example of preparedness and that’s something that people could do and be prepared for just in their daily work worlds. But actual, “OK, we’re going to sit down and we’re going to get ready for a data breach”? The thing other than teamwork that I’ve seen that really makes a difference during an incident—and teamwork takes the top, but after teamwork, I would say knowing what information you have and where it’s at. That is a massive, massive undertaking; don’t let anybody tell you differently. Working through and understanding what information you have, where it sits—that’s huge and can make a really big difference during an incident.

And going along with that, when we say, “Knowing what information you have and where you have it,” it’s not just saying, “In System X, we maintain Social Security numbers.” It’s, “What Social Security numbers do we have in System X? Whose Social Security numbers do we have?” And a recent situation I worked on, one of the things the team had done that was such a lifesaver was they had the contact information for the impacted individuals.
Now, obviously, you’re going to want to work with legal counsel to decide, “Do we want to collect more information than we need in order to fulfill the purposes for which we collected the information?” Data minimization is a huge way to prepare. You have less information, so you have less to be breached. But if you are in a situation where you had to have that information, and it was breached and you’ve got impacted individuals, knowing that you can contact them because you have their contact information can be really helpful. That particular situation that I’m thinking of—it was a situation where we needed to have the impacted individuals’ contact information. You may find yourself in a different situation and then this wouldn’t be applicable and that’s fine.

And I think that’s actually a big takeaway for all data breach, incidents, management, preparedness is: each situation is unique, and you need to not worry if the way you are approaching this doesn’t exactly match something that you’re reading. So, there may be some materials—here’s a guidebook, here’s a guidance—those are great. But know that the situation you are going through is unique to your company, it’s unique to the people at your company, and it’s unique to the fact pattern. So, the way that you go through that should similarly be unique. So, that, knowing that may also be a really great way to prepare.

Summary

• An organization’s privacy notice details information about that organization’s privacy practices, values and commitments and is externally facing.
• In contrast, privacy policies are internal statements used for communicating best privacy practices and addressing privacy and security, data management and data loss prevention.
• A well-functioning internal security policy prevents unauthorized or unnecessary access to corporate data or resources—including intellectual property, financial data and personal information.
• Data inventories allow organizations to track what data is collected, how it is handled, where it is stored and how it is classified.
• Classifying and categorizing data enables an organization to properly manage and protect the assets in its possession, such as information assets (e.g., customer and employee data), physical assets (e.g., workstations, laptops, etc.) and intellectual property (software code, trade secrets).
• Asset classifications include confidential (should remain secure and private), internal use (intended for use within the organization only) and public (can be safely shared externally).
• When collected data is shared with third-party vendors, it should be handled according to the commitments made to the data subject and data owner regardless of where their personal information is located or how it is used. Third-party contracts should be detailed with clear expectations of how data is to be managed.
• A privacy impact assessment (PIA) is an analysis of how personal information is handled during an organization’s data life cycle and ensures organizations apply legal, regulatory and policy requirements regarding privacy. A PIA also assesses privacy risks and recommends methods of risk mitigation.
• A data protection impact assessment (DPIA) is a structured approach to mitigating risks and is required under certain privacy regulations.

Review

1. Which of the following is something a privacy impact assessment (PIA) does not accomplish?
• Ensures organizations apply legal, regulatory and policy requirements regarding privacy
• Assesses privacy risks
• Recommends methods of risk mitigation
• Implements controls on data collection

The privacy responsibilities of the technology professional

Learning objective
• Understand what roles and responsibilities technology professionals hold when dealing with privacy

Privacy responsibilities

Data management begins with the business model and value stream. Most privacy-related solutions are hardcoded to the business process, including data models. The technology process is a tool to support the process and support the privacy objectives within the organization and the technology ecosystem. When the technology professional is brought into the conversation around the privacy objectives of the organization, they are better able to assist the organization in meeting those values and goals and taking steps to forecast and mitigate risk.

Privacy technologists ensure that computers, networks, applications, websites, databases and security are maintained to protect data privacy according to company policy, regulatory requirements and industry standards. Privacy technologists create a common understanding of privacy needs and values concerning privacy. They make sense of the privacy issues through the controls put in place throughout the design.

Evolving technology

Technology is always evolving. Similarly, privacy laws are as well. Along with laws that are already in place and have been for decades, new laws continue to emerge. While laws and technology both continue to evolve, change and emerge, technology progresses at a much more rapid pace than laws. How then do privacy technologists design programs that are both flexible and innovative?

Contractual and regulatory requirements

Privacy technologists should work closely with the organization’s legal team.
This will help to identify the core requirements of various privacy laws and any potential risks that may impact the objectives and obligations of an organization. Not all obligations of an organization’s policy require a technical aspect, but knowing the key objectives affords a level of flexibility necessary for defining a governance program. It allows for privacy governance and technology solutions to evolve, for example, automating processes that were once manual. This strengthens the privacy policy of an organization and makes it more effective.

Consider the following example. Comparing the objectives of different laws, an objective can be designed to meet both requirements. Privacy technologists can in turn orchestrate controls which support it.

Providing feedback: policies

As more privacy laws come into effect, evaluating privacy within an organization becomes clearer and more measurable. Assessing the effectiveness of a privacy policy begins with the structure of the compliance program, as it establishes the key objectives and associated internal controls to evaluate the health of the overall program. This in turn can evaluate how controls are enforced since organizations have a better understanding of where personal data is, and how and when it is used. This understanding leads to improvements in privacy governance, allowing for a more tangible risk evaluation and sufficient technological solutions to safeguard against privacy harms.

Common compliance terminology engages privacy technologists and other stakeholders, and is valuable in creating a governance program and implementing the necessary privacy policies of any organization, particularly with differing privacy standards and regulations among jurisdictions.

Examples of common terms include reasonable assurance. This implies that requirements and objectives are not absolute and are based on criteria that is practical to implement and manage. They are flexible and continuously monitored.
Internal controls are objectives, tied to practical measurements, that are designed to evaluate privacy program components. There are two types of internal controls: preventative, which stops an activity, and detective, which identifies problematic activity.

Overlapping safeguards is another common term and is key to improving resiliency of compliance and assures measurability.

Together, these elements of compliance create structure that enables a clear and measurable framework which can be translated across varying elements of a privacy program.

Building from the example in the previous slide, it is demonstrated how controls can be implemented to address both privacy and security. Privacy controls determine who the authorized personnel for data access are by looking at the type of personal information collected, its sensitivity and authorized users.

Information governance I

Security and privacy are intertwined, yet each has a different role in respect to technology. A security professional has the technical knowledge of administration, and an understanding of risk management practices that may allow them to integrate privacy into a technology system. Security is about protecting data against unauthorized access and malicious action, where privacy is about enforcing the appropriate use of that data within a secure environment. It addresses all ways that data is handled, including collection, use, sharing, maintenance and retention. Privacy professionals also address risk management.

Security and privacy both rely on similar controls and technological capabilities. Technology frameworks such as ITIL (Information Technology Infrastructure Library), ISO 27000 and COBIT (Control Objectives for Information and Related Technologies) provide service, process and program management to an organization’s technology environment.
Because the information organizations collect is stored within technology systems, it is important that they can demonstrate compliance with any laws or regulations that govern them.

Select each tool button for a brief overview of what each framework provides for an organization.

ITIL: Governed and owned by AXELOS. Provides an overall measurable view of a technology system, service and functionality. ITIL reports on services provided by technology systems and helps organizations use technology to support change and growth. It has a limited view of risk management.

COBIT: A more comprehensive program that helps with management of a technology system that allows for technology governance. Technology governance focuses on systems and applications and supports personnel who manage data within a company.

Information governance II

When privacy and technology work together to meet industry standards, organizations can establish a common language of privacy controls and remain transparent. This is particularly critical when dealing with international standards. Using common and accessible terms without compromising confidentiality builds trust between organizations and stakeholders and is measurable against legal frameworks and privacy standards. Privacy determines who is authorized to access the personal information, while security implements the controls to that access.

Review the example to see how privacy and security work together to meet industry standards.

Information governance III

Implementing an effective privacy governance program depends on the choreography of all stakeholders involved in processing personal data. A successful data privacy program depends on technical solutions to ensure that data processing meets legal requirements. Information security plays a significant role in controlling access to personal data.
When internal groups work in concert to leverage skills, a strong ability to protect personal data within existing controls results. Compliance helps in defining the controls, both overlapping preventative and detective controls to further assure that legal and policy requirements are being met. All of these elements come together to support effectual information governance within an organization.

Organizations need to take into account existing and developing privacy and security threats when identifying which technical approaches to implement. It is highly advantageous for organizations to move to a more risk-based program and not focus solely on compliance.

Summary

• Privacy technologists ensure systems are maintained to protect data privacy and create a common understanding of privacy needs and values concerning privacy.
• By working closely with an organization’s legal team, privacy technologists can more readily identify the core requirements of various privacy laws and any potential risks that may impact the objectives and obligations of an organization.
• Assessing the effectiveness of a privacy policy begins with the structure of the compliance program, as that program establishes the key objectives and associated internal controls to evaluate the health of the overall program.
• Common compliance terminology engages privacy technologists and other stakeholders and is valuable in creating a privacy governance program and implementing the necessary privacy policies of any organization.
• Security and privacy are intertwined. Security is about protecting data against unauthorized access and malicious action, where privacy is about enforcing the appropriate use of the data within a secure environment.
• Using common and accessible terms without compromising confidentiality builds trust between organizations and stakeholders and is measurable against legal frameworks and privacy standards.
• A successful privacy program depends on technical solutions to ensure that data processing meets legal requirements.

Review

1. Which of the following is not a privacy responsibility of a technology professional?
• Ensuring compliance
• Systems and process maintenance
• Risk mitigation
• Customer support

Information security

Learning objective
• Explain the role of information security in protecting privacy

Information security and privacy

The worlds of security and privacy frequently intersect. Security provides privacy an avenue through which meaningful IT solutions can be developed to safeguard privacy. Similarly, security benefits from privacy, supporting security solutions and processes with privacy legal requirements, and, in consequence, reinforcing the mutual value of integrated privacy and security governance.

Transactions for confidential data

The comprehensive overall organization design of a system, also known as the enterprise architecture, is designed to support the objectives of an organization. It recognizes that there is a relationship between all elements of a system. This includes servers, data elements, process models and data flow, which describe the order of operations and data exchanges, as well as the business processes of the organization.

Privacy of information must be considered within both the front and back ends of a technological architecture, particularly when confidential information is collected for later use. Privacy is affected by both viewpoints in different ways. Privacy technologists must ensure that the front end is useable and notifies the user about the company’s privacy practices, while maintaining that the back-end design applies the privacy principles of the stored information pertaining to what data is collected, how it is used, shared and retained.
Privacy technologists may consider using different architectures to achieve this balance of privacy between the two ends.

Select each button to explore examples of architecture that allow for this balance and enable reuse of confidential information.

Client-server architecture: With a client-server architecture, the client refers to a program that runs on a local computer, while the server is a program that runs on a remote computer. This architecture allows storing data on the client side for the purpose of completing a transaction. The server side includes back-end services that respond to the client’s requests, and mechanisms can be designed to track client behavior across multiple HTTP requests. It does not maintain shared data between the client and server. This type of architecture assumes that the client data is secure, and the storage and surveillance of the data is clear to the user. Otherwise, it poses a privacy threat.

Service-oriented architecture: Service-oriented architecture is similar to client-server architecture in that it decouples services from the large-scale servers. It allows designers to replicate services across multiple machines.

Plug-in-based architecture: Plug-in based architecture extends a user’s experience with a website via the use of an app platform. Apps may have the ability to interact with a user and their data, including location or contact information. Privacy technologists must ensure that privacy notices are clear to prevent misuse of information.

Breach and incident response

Regardless of how secure an organization is, how detailed its privacy notices and policies are, or how well its staff are trained, data breaches and other privacy incidents may still occur. Incidents do not always result in data breaches, however. An incident is any event that can affect the confidentiality, integrity or availability of the data.
When personally identifiable information is involved, then it is a privacy incident; examples include unauthorized disclosure, sharing or sale of data without consent, denial of service attacks, malware infection, hacking attempts, data exfiltration, lost or stolen devices, and misdirected emails. Some types of incidents are security incidents, some are privacy incidents, and some are both.

It should also be noted that not all data incidents are personal data incidents. Proprietary or confidential data breaches are separate from a personal data breach. While many of the response actions are the same, different legal standards may apply. Data breaches are caused when the resulting incident has exposed the data to an unauthorized third party.

Privacy technologists should understand the impact of privacy events upon data subjects and an organization’s handling of data subjects’ personal information and use that as input for identifying appropriate privacy technical measures. Developing an incident response team along with having a breach or incident response plan in place before an incident occurs is one more action an organization can take to be adequately prepared.

Move the slider to review the elements of an effective incident response plan.

Discovery: Actively monitoring system activity or suspicious changes to system activity is essential in detecting an incident that could lead to a breach. Monitoring activity on a system could detect tampering before any data is stolen. Users are also another line of defense in the detection of privacy incidents or data breaches, by reporting suspicious activity.

Containment: A response plan should contain guidance on how to terminate an ongoing incident while preserving any evidence of the affected data and origin of the incident. Containment is key to stopping the threat before more damage is done. Do not wipe system logs. Remove and preserve affected systems from the network.
Fully document your investigation and include timestamps while working through an investigation. Finally, a predetermined contingency plan should be executed that allows the organization to continue functioning at some capacity while data or resources are locked down during a privacy incident investigation.

Analyze and notify: For data breaches and other types of privacy incidents, notification laws vary among jurisdictions. To be prepared, an organization should know what their notification obligations are in such an event. Once a privacy incident or a breach has been detected and determined, legal counsel should be involved to advise the response team regarding all legal matters, including notification—to law enforcement, individuals and/or the public. Some organizations contract with a vendor to provide consumer breach notification services as they are up-to-date on laws surrounding breaches and can provide additional resources as needed.

Repercussions: Fines, lawsuits and nonmonetary repercussions often follow privacy incidents or breaches. For example, media coverage of the incident may adversely affect an organization’s reputation, resulting in decreased business and loss of consumer trust. As part of the incident response team, a security analyst would handle an incident from start to finish including reporting to senior management. A privacy technologist would act as a subject matter expert to help diagnose the incident, mitigate the issue and provide information to the security analyst.

Prevention: Privacy incidents can be used as a learning tool to address holes in security and privacy procedures, review privacy policies to identify weaknesses and train employees as needed.

Third parties: Personal information in the hands of a third party still falls under the responsibility of the organization in the event of a breach, including provisions that describe the expectations and obligations of the vendor should an incident occur.

Security and privacy in the systems development life cycle

Keeping systems and data secure and meeting privacy goals and needs are large tasks to be accomplished throughout the life cycle of a system. Depending on the framework, these tasks are broken into phases. Next, we will look at a model of a systems development life cycle (SDLC) using the NICE framework, which divides security and privacy work into four categories: (1) Securely provision; (2) Operate and maintain; (3) Protect and defend; and (4) Investigate.

(1) Securely provision

This phase encompasses the tasks focused on software development. To accomplish this, privacy technologists will want to utilize a system development plan to ensure that all phases take place. The phases of systems development are as follows.

Planning: Ensures that all security and regulatory and legal privacy requirements are considered.

Design: Chooses the architecture design of the system based on the technology required to meet security and privacy mandates.

Technology research and development: Explores alternatives if existing solutions do not meet those needs.

Testing and evaluation: Ensures that each component of a system meets its requirements.

Risk management: Identifies, documents and manages any risks related to the software quality, compliance with regulations, or security and privacy issues that present themselves within the system.

(2) Operate and maintain

Ensuring that the system is installed and configured correctly, initially and throughout its use, is necessary to meet security and privacy goals. Customer service and technical support are employed to further strengthen the security and privacy systems that a system has in place.
Operation and maintenance also encompass data administration that manages large volumes of sensitive data that may be housed within a system, including analysis of an organization’s interoperation and management of the processes and tools used to keep track of systems and their operations.

(3) Protect and defend

Actively protecting the system via vulnerability assessments and management tools addresses potential threats and vulnerabilities to a system. Cyber defense infrastructure support also protects frameworks and may include firewalls and system monitoring, as well as having incident response plans in place.

(4) Investigate

In the event of a system compromise through an attack, a complete investigation is necessary. This allows for the discovery of any specific data that was compromised and the method of compromise, and may identify who may have perpetrated the attack.

Summary

• Information security and privacy intersect, forming a bond that is mutually beneficial.
• The comprehensive overall organizational design of a system, also known as the enterprise architecture, is designed to support the objectives of an organization and recognizes that there is a relationship between all elements of a system. Privacy technologists may use different architectures to ensure this relationship is present.
• With a client-server architecture, the client refers to a program that runs on a local computer, while the server is a program that runs on a remote computer. This allows storing data on the client side for the purpose of completing a transaction.
• Service-oriented architecture decouples services from the large-scale servers. It allows designers to replicate services across multiple machines.
• Plug-in based architecture extends a user’s experience with a website via the use of an app platform, usually owned by a third party.
• Regardless of how secure an organization is, how detailed its privacy notices and policies are, or how well its staff are trained, data breaches and other privacy incidents may still occur.
• An incident is any event that affects the confidentiality, integrity or availability of data, and data breaches occur when the resulting incident exposes data to an unauthorized third party.
• Developing an incident response team along with having a breach or incident response plan in place before an incident occurs is one more action an organization can take to be adequately prepared.
• Elements of an effective incident response plan include: discovery (actively monitoring to detect incidents before they occur); containment (stopping the threat before damage is done); analyze and notify (notifying those affected by an incident in the appropriate manner); repercussions (any fines, lawsuits or nonmonetary results from an incident); prevention (addressing holes in security and privacy procedures to negate future incidents); and third parties (how to account and plan for incident effects outside the main organization).
• Keeping systems and data secure as well as meeting privacy goals and needs are large tasks to be accomplished throughout the life cycle of a system. Depending on the framework, these tasks are broken into phases.

Review

1. What term refers to the overall organizational design of a system and recognizes the relationship between all elements of that system?
Enterprise architecture
Plug-in architecture
Client-based architecture
Service-oriented architecture

Review answers

Fundamentals of privacy-related IT
1. Implements controls on data collection

The privacy responsibilities of the technology professional
1. Customer support

Information security
1. Enterprise architecture

*Quiz questions are intended to help reinforce key topics covered in the module. They are not meant to represent actual certification exam questions.