Day 1
Module 1: Fundamentals of Information Privacy
- Unit 1: Common Principles and Approaches to Privacy
- This unit includes a brief discussion about the modern history of privacy, an introduction to types of information, an overview of information risk management and a summary of modern privacy principles.
- Unit 2: Jurisdiction and Industries
- This unit introduces the major privacy models employed around the globe and provides an overview of privacy and data protection regulation by jurisdictions and by industry sectors.
- Unit 3: Information Security: Safeguarding Personal Information
- This unit presents introductions to information security, including definitions, elements, standards, and threats/vulnerabilities, as well as introductions to information security management and governance, including frameworks, controls, cryptography and identity and access management (IAM).
- Unit 4: Online Privacy: Using Personal Information on Websites and with Other Internet-related Technologies
- This unit discusses the web as a platform, as well as privacy considerations for sensitive online information, including policies and notices, access, security, authentication identification and data collection. Additional topics include children's online privacy, email, searches, online marketing and advertising, social media, online assurance, cloud computing, and mobile devices.
Day 2
Module 2: European Privacy
- Unit 1: Introduction to European Data Protection
- This unit introduces the origins and historical context for privacy in Europe, the European regulatory institutions and the legislative framework for current EU data protection law at both the EU and state level.
- Unit 2: European Data Protection Law and Regulation
- This unit takes an in-depth look at data protection concepts, application of the law, data protection principles, legitimate processing criteria, information provision obligations, data subject rights, confidentiality and security, notification requirements, international data transfers, and supervision and enforcement.
- Unit 3: Compliance with European Data Protection Law and Regulation
- This unit examines the employment relationship, surveillance activities, marketing activities, internet technology and communications, and outsourcing.
Day 3
Module 3: Privacy Management
- This Programme is broken into two segments. The first segment describes important practices in managing privacy. The second segment is an interactive format in which participants apply these practices to a real-world scenario.
- Unit 1: Privacy Programme Governance
- This unit describes how to create a privacy Programme at an organisational level, develop and implement a framework, and establish metrics to measure Programme effectiveness. Topics include: creating a company vision for its privacy Programme; establishing a privacy Programme that aligns to the business; structuring the privacy team; developing organisational privacy policies, standards and guidelines; defining privacy Programme activities; and defining Programme metrics.
- Unit 2: Privacy Operational Life Cycle
- This substantial unit reviews privacy Programme practices through the privacy life cycle: assess, protect, sustain and respond. Topics include: documenting the privacy baseline of the organisation; data processors and third-party vendor assessments; physical assessments; mergers, acquisitions and divestitures; privacy threshold analysis; privacy impact assessments; information security practices; Privacy by Design; integrating privacy requirements across the organization, auditing your privacy Programme; creating awareness of the organisation's privacy Programme; compliance monitoring; handling information requests; and handling privacy incidents.
Unit 2: Jurisdiction and Industries This unit introduces the major privacy models employed around the globe and provides an overview of privacy and data protection regulation by jurisdictions and by industry sectors.
Unit 3: Information Security: Safeguarding Personal Information This unit presents introductions to information security, including definitions, elements, standards, and threats/vulnerabilities, as well as introductions to information security management and governance, including frameworks, controls, cryptography and identity and access management (IAM).
Unit 4: Online Privacy: Using Personal Information on Websites and with Other Internet-related Technologies This unit discusses the web as a platform, as well as privacy considerations for sensitive online information, including policies and notices, access, security, authentication identification and data collection. Additional topics include children's online privacy, email, searches, online marketing and advertising, social media, online assurance, cloud computing, and mobile devices.
Unit 2: European Data Protection Law and Regulation This unit takes an in-depth look at data protection concepts, application of the law, data protection principles, legitimate processing criteria, information provision obligations, data subject rights, confidentiality and security, notification requirements, international data transfers, and supervision and enforcement.
Unit 3: Compliance with European Data Protection Law and Regulation This unit examines the employment relationship, surveillance activities, marketing activities, internet technology and communications, and outsourcing.
Unit 1: Privacy Programme Governance This unit describes how to create a privacy Programme at an organisational level, develop and implement a framework, and establish metrics to measure Programme effectiveness. Topics include: creating a company vision for its privacy Programme; establishing a privacy Programme that aligns to the business; structuring the privacy team; developing organisational privacy policies, standards and guidelines; defining privacy Programme activities; and defining Programme metrics.
Unit 2: Privacy Operational Life Cycle This substantial unit reviews privacy Programme practices through the privacy life cycle: assess, protect, sustain and respond. Topics include: documenting the privacy baseline of the organisation; data processors and third-party vendor assessments; physical assessments; mergers, acquisitions and divestitures; privacy threshold analysis; privacy impact assessments; information security practices; Privacy by Design; integrating privacy requirements across the organization, auditing your privacy Programme; creating awareness of the organisation's privacy Programme; compliance monitoring; handling information requests; and handling privacy incidents.
