Integrated Data Privacy - a management approach for the future
OCEG is pleased to announce release of the Integrated Data Privacy Capability Model and a new certification for Integrated Data Privacy Professionals.
Today OCEG released the Integrated Data Privacy Capability Model and associated certification for Integrated Data Privacy Professionals. Unlike other available resources and certifications, which generally outline the requirements of various data privacy regulations and tell you what you need to comply with, through this Capability Model we are seeking to help you understand how to meet those needs.
Applying the Capability Model will help you to keep your company (and yourself) out of the hot water where Drizly found itself earlier this week, when the U.S. Federal Trade Commission (FTC) announced a proposed order against the company and its CEO, James Cory Rellas, for security failures that exposed data of 2.5 million consumers.
The FTC’s press release includes a statement that "Notably, the order applies personally to Rellas, who presided over Drizly’s lax data security practices as CEO. In the modern economy, corporate executives frequently move from company to company, notwithstanding blemishes on their track record. Recognizing that reality, the Commission’s proposed order will follow Rellas even if he leaves Drizly. Specifically, Rellas will be required to implement an information security program at future companies if he moves to a business collecting consumer information from more than 25,000 individuals, and where he is a majority owner, CEO, or senior officer with information security responsibilities."
The new OCEG Integrated Data Privacy Capability Model is designed to help organizations avoid the types of problems that Drizly appears to have had.
Together with a global review committee of privacy experts and the input of OCEG training partner Straits Interactive, we have developed a capability model that offers a detailed step-by-step guide to designing, running and evaluating a strong data privacy program for any organization.
Following the structure of the GRC Capability Model, we walk you through every stage of identifying relevant requirements for your organization, keeping track of where and how you are collecting and processing personal information, and ensuring that your data privacy program is transparent and auditable.