Robust privacy programs needed to deal with growing set of challenges
Waves of new data, from new technologies and various regulations across the global economy, call for heightened enterprise vigilance to deal with privacy concerns, according to new guidance from global business technology and information security association ISACA.
A wide array of business scenarios – from scanning devices at airports to police body cameras to visual-recording drones – must put privacy among the central considerations, according to the new publication, ISACA Privacy Principles and Program Management Guide. It provides extensive direction on how practitioners and their organisations can effectively govern their privacy programs.
ISACA identified seven categories of privacy every enterprise must address:
- Privacy of person, including the right for a person’s body to be free of unauthorised invasion
- Privacy of behavior and action, including personal activities, orientations and preferences
- Privacy of communication, including telephone conversations, emails and other forms of correspondence
- Privacy of data and image, including personal information
- Privacy of thoughts and feelings, including religious beliefs and political views
- Privacy of location and space, including being free from intrusion
- Privacy of association, including the ability for people to freely get together with groups of their choosing
The guide provides a set of privacy principles aligned with the most commonly used privacy standards, frameworks and good practices while filling existing gaps among them to deliver a harmonised privacy framework. Special instruction on how to use the COBIT 5 framework to implement a more robust privacy program is included.
“By establishing a robust privacy governance and management program, organisations around the world can address and successfully mitigate privacy risk throughout the entire enterprise,” said Christos Dimitriadis, Ph.D. CISA, CISM, CRISC, chair of ISACA’s Board of Directors and group director of Information Security for INTRALOT.