[Home] [Catalog] [Category] [Previous Item] [Next Item] [Checkout] [Review Cart] [Button]
[Logo Image]


Privacy Management Toolkit

[Item Image]
by InformationShield. Version 1.0, Book +
CD and license.
Version 1.0
by InfromationShield

THE PRIVACY MANAGEMENT TOOLKIT is the definitive resource for Chief Privacy Officers
or anyone responsible for protecting customer information and maintaining compliance with
international privacy regulations.

THE PRIVACY MANAGEMENT TOOLKIT, Version 1.0 is a complete resource for managing
customer and employee data privacy while maintaining compliance with international data
protection laws. Based on the 15 year consulting experience of Rebecca Herold, CISSP,
CISM, CISA, The Privacy Management Toolkit addresses all of the critical components of
data privacy for less than the cost of one day of outside consulting advice. The Privacy
Management Toolkit has everything you need to save money while building a privacy
governance program based on O.E.C.D. Fair Information Principles.

- - - - - - -

The Toolkit includes:
1. A complete data privacy policy library with over 100 individual pre-written policies
- Coverage of the latest technical, legal and regulatory data privacy issues
- Policies covering all the Fair Information Principles from the O.E.C.D., allowing for
easy gap-analysis against existing international privacy laws
- Expert commentary discussing the risks mitigated by each policy

2. Detailed information on over 25 U.S. and international privacy laws, including:
- E.U. Data Protection Directive, HIPAA, Gramm-Leach-Bliley Act (GLBA), PIPEDA,
Japanese Data Protection, US CAN-SPAM Act, and many others.
- Overview of data protection requirements and history of each law.
- Related fines and legal actions for each law, which can be used to help prepare for and
document organizational risk assessments.
- Discussion and advice on building and maintaining a privacy program that will keep
you compliant.

3. Valuable time-saving tools, checklists and templates including:
- A complete privacy officer's checklist to track and manage the regular requirements of
privacy management.
- A data privacy breach impact worksheet that allows organizations to calculate the
total cost of a privacy breach.
- A complete sample external web site privacy policy with easy customization tips and
- How to identify, document and protect Personally Identifiable Information (PII) in your
- Privacy development resources such as data privacy Periodicals, professional
associations and related privacy organizations.

4. Expert advice on establishing a Privacy Governance program, including:
- A complete discussion of OECD Fair Information Principles, including a Privacy
Impact Assessment that organizations can use to perform a detailed gap-analysis against
the principles.
- A step-by-step checklist of development tasks to quickly start a privacy governance
- Helpful tips for getting management buy-in for data privacy awareness and education.
- Real-world examples of problems caused by missing or poor privacy management.

5. All content available on an easy-to-use CD-ROM with an indexed and searchable HTML
interface for easy location, featuring:
- Policies available in HTML, PDF, MS-Word format
- Easy cut-and-paste into existing corporate documents
- Extensive cross-references between policies, regulations and OECD Fair Information
Principles that help you quickly locate the information you need.

- - - - - - -

Privacy Management Toolkit covers these important data privacy topics:
- Critical components of a privacy governance program
- Privacy Roles and Responsibilities
- Personally Identifiable Information (PII)
- Privacy Impact Assessments
- Privacy Breach Analysis
- Cross-border data flows
- Privacy in Third-party contracts
- Fair Information Principles
- Privacy Enhancing Technologies - including:
- Encryption, Privacy Seals, Blind signatures, and Biometrics
- Privacy Inhibiting Technologies - including:
- SPAM, Spyware, RFID Tags and Surveillance Systems
- Privacy Awareness and Training
- Privacy Incident Response
- SPAM Prevention

- - - - - - -


- The Current State of Privacy Concerns
- Privacy Incidents Are Increasing
- Privacy is a Core Business Issue
- Increasing Privacy and Security Threats and Breaches
- Privacy Related Laws Impact Business
- The Financial Impact of Privacy on Business
- Why You Might Be At Risk
- What this guide can do for you
- Using this guide
- Using the Sample Policies and Forms
- Balancing Trade-Offs
- Need For Competent Advice

- Defining Privacy Governance
- Why is a Privacy Governance Program Necessary?
- You Must Know What to Protect
- Protect Your Business; Avoid Privacy Mistakes
- Building Your Privacy Governance Program
- Develop Your Privacy Governance Program
- Establish Privacy Leadership
- Protect Privacy within Customer Relationship Management
- Establish Privacy Policies and Procedures
- Educate all personnel and business partners on privacy requirements
- Monitor Security and Privacy Related Laws
- Define and document the PII your organization handles and map the data flows
- Establish privacy incident response procedures
- Create a sanctions policy for non-compliance with privacy policies
- Determine Incident Financial Impact
- Communicate Leading Practices to Executives

- What is Personally Identifiable Information?
- Personal Information in the News
- How Does the Definition Vary Across the Globe?
- Regulatory and Legal Definitions
- What Do YOU Consider As Personally Identifiable Information?
- Summary of Steps to Identify PII within an Organization

- OECD Background and Privacy Principles
- The OECD Privacy Principle
- Using this guide for OECD compliance
- World-wide Laws Constructed Around the OECD Principles
- Standard Contractual Requirements
- Privacy Principle 1: Collection Limitation Principle
- Privacy Principle 2: Data Quality
- Privacy Principle 3: Purpose Specification Principle
- Privacy Principle 4: Limiting Use, Disclosure and Retention Principle
- Privacy Principle 5: Security Safeguards Principle
- Privacy Principle 6: Openness Principle
- Privacy Principle 7: Individual Participation Principle
- Privacy Principle 8: Accountability Principle
- Privacy Principle 9: Free Flow of Personal Information and Restrictions

- How to Use This Chapter
- Background Discussion
- Specific Laws to Consider
1) Uniting and Strengthening America by Providing Appropriate Tools Required to
Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
2) Children's Internet Protection Act of 2001 (CIPA)
3) Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA)
4) Fair Credit Reporting Act of 1999 (FCRA)
5) Children's Online Privacy Protection Act of 1998 (COPPA)
6) Health Insurance Portability and Accountability Act of 1996 (HIPAA)
7) Telecommunications Act of 1996
8) Electronic Freedom of Information Act of 1996 (E-FOIA)
9) Family Education Rights and Privacy Act of 1974 (FERPA; also know as the
Buckley Amendment)
10) Right to Financial Privacy Act of 1978 (RFPA)
11) Privacy Protection Act of 1980 (PPA)
12) Cable Communications Policy Act of 1984 (Cable Act)
13) Electronic Communications Privacy Act of 1986 (ECPA)
14) Computer Security Act of 1987
15) Video Privacy Protection Act of 1988
16) Telephone Consumer Protection Act of 1991 (TCPA)
17) Driver's Privacy Protection Act of 1994
18) Communications Assistance for Law Enforcement Act of 1994 (CALEA)
19) Computer Fraud and Abuse Act of 1986 (CFAA)
20) California Senate Bill 1386 (SB 1386)
21) Fair and Accurate Credit Transactions Act (FACTA) of 2003
22) Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)
Act of 2003
23) Other U.S. Privacy Related Laws

Chapter 6: International Privacy Related Laws
- How to Use This Chapter
- Background Discussion on International Privacy Laws
- Specific Laws to Consider
1) European Union Data Protection Directive of 1998
2) Canada: Personal Information Protection and Electronic Data Act (PIPEDA) of 2000
(Bill C-6)
3) Japan: Personal Information Protection Law
4) Australia: Privacy Act of 1988
5) New Zealand: Privacy Act, May 1993; Privacy Amendment Act, 1993; Privacy
Amendment Act, 1994
- Other International Laws

Chapter 7: Privacy Enhancing Technologies
- How to Use This Chapter
- Background
- PET 1: Encryption
- PET 2: Steganography
- PET 3: Platform for Privacy Preferences (P3P)
- PET 4: Privacy Seals
- PET 5: Blind signatures
- PET 6: Biometrics
- PET 7: Pseudonymous and Anonymous systems
- PET 8: Enterprise Privacy Authorization Language (EPAL)
- PET 9: Message Filtering
- PET 10: Pop-up Blockers
- PET 11: Cookie Managers and Bug Zappers
- PET 12: Spyware Management

Chapter 8: Privacy Inhibiting Technologies
- How to Use This Chapter
- Background
- Specific Privacy Inhibiting Technologies
- PIT 1: Cookies
- PIT 2: Web Bugs
- PIT 3: Spam
- PIT 4: Spyware
- PIT 5: Systems, Web Server and Applications Logs
- PIT 6: RFID Tags
- PIT 7: Surveillance Systems

Appendix A: Privacy Glossary

Appendix B: Privacy Resources

Appendix C: Privacy Officer Checklist

Appendix D: Sample CPO Job Description

Appendix E: Sample Privacy Incident Response Form

Appendix F: Privacy Breach Impact Worksheet

Appendix G: Privacy Impact Self-Assessment

Appendix H: Executive Privacy Presentation

Appendix I: Sample External Privacy Policy

Appendix J: Sample Privacy Assessment Questionnaire for Employees

Appendix K: References

About the Author


- - - - - - -
Book, 297 pages) + interactive CD and organization-wide license to republish the
Order #DR848.
Special Order.
- - - - - - -

[Home] [Catalog] [Category] [Previous Item] [Next Item] [Checkout] [Review Cart] [Button]

Rothstein Associates Inc.

4 Arapaho Rd.
Brookfield, CT 06804-3104 USA
1-888-ROTHSTEin; (888.768.4783)
Telephone: 203.740.7444; 888.768.4783
Fax: 203.740.7401
E-Mail: info@rothstein.com

"Keep Me Posted"

Business Survival Newsletter

Rothstein Associates, Inc. is a BBB Accredited Business. Click for the BBB Business Review of this Financial Planning Consultants in Brookfield CT

SecurityMetrics for PCI Compliance, QSA, IDS, Penetration Testing, Forensics, and Vulnerability Assessment

Contact Us | The Rothstein Catalog on Disaster Recovery | The Rothstein Catalog on Service Level Books
Original Feature Articles | Disaster Recovery Forum | Today's Industry News | Links to Industry Web Sites
Management Consulting Services | Business Survival ™ Newsletter Business Survival ™ Weblog (New!)
‘Keep Me Posted’ | Privacy Policy | Site Map | RSS Feed | Rothstein Publishing


E-mail Rothstein Associates Inc.