Robust privacy programs needed to deal with growing set of challenges
Waves of new data, from new technologies and various regulations across the global economy, call for heightened enterprise vigilance to deal with privacy concerns, according to new guidance from global business technology and information security association ISACA.
A wide array of business scenarios – from scanning devices at airports to police body cameras to visual-recording drones – must put privacy among the central considerations, according to the new publication, ISACA Privacy Principles and Program Management Guide. It provides extensive direction on how practitioners and their organisations can effectively govern their privacy programs.
ISACA identified seven categories of privacy every enterprise must address:
1. Privacy of person, including the right for a person’s body to be free of unauthorised invasion
2. Privacy of behavior and action, including personal activities, orientations and preferences
3. Privacy of communication, including telephone conversations, emails and other forms of correspondence
4. Privacy of data and image, including personal information
5. Privacy of thoughts and feelings, including religious beliefs and political views
6. Privacy of location and space, including being free from intrusion
7. Privacy of association, including the ability for people to freely get together with groups of their choosing
The guide provides a set of privacy principles aligned with the most commonly used privacy standards, frameworks and good practices while filling existing gaps among them to deliver a harmonised privacy framework. Special instruction on how to use the COBIT 5 framework to implement a more robust privacy program is included.
“By establishing a robust privacy governance and management program, organisations around the world can address and successfully mitigate privacy risk throughout the entire enterprise,” said Christos Dimitriadis, Ph.D. CISA, CISM, CRISC, chair of ISACA’s Board of Directors and group director of Information Security for INTRALOT.
The privacy guide is available for purchase at www.isaca.org/privacy-principles. Additional privacy insights can be found on the ISACA Now blog.
ISACA (isaca.org) helps professionals around the globe realise the positive potential of technology in an evolving digital world. By offering industry-leading knowledge, standards, credentialing and education, ISACA enables professionals to apply technology in ways that instill confidence, address threats, drive innovation and create positive momentum for their organisations. Established in 1969, ISACA is a global association with more than 140,000 members and certification holders in 187 countries. ISACA is the creator of the COBIT framework, which helps organisations effectively govern and manage their information and technology. Through its Cybersecurity Nexus (CSX), ISACA helps organisations develop skilled cyber workforces and enables individuals to grow and advance their cyber careers.