
A global technology provider requested support in maturing their privacy risk documentation to align the terminology and methodology for assessing risk across the two disciplines of privacy and security.
Privacy risk documentation needed to be revised and updated to align the two areas, and additional efforts were required beyond the creation of a procedural document to enable the use of metrics for reporting privacy risk to senior executives.
The client was using OneTrust for its PIA/DPIA process, and further guidance was provided to align the templates with industry standards.
Our Approach
Myna’s approach to this challenge was to tackle the three target areas using an agile methodology, working through each key area in phases and ensuring collaboration across the team for consistency between the deliverables.
- Myna reviewed the existing risk documentation for both security and privacy, before working to align the two. Our methodology identified similarities and differences between security and privacy risk and developed solutions to enable consistent risk assessment across both areas.
- Our team reviewed and documented the existing metrics supporting the privacy program, identifying the roles and responsibilities of stakeholders for each metric, and providing templates for reporting on these metrics to senior executives.
- We conducted a review and provided recommendations for revisions to the client’s PIA/DPIA templates.
Program Outcomes
The provision of updated and aligned documentation, supporting metrics dashboards, risk assessment dashboards, and OneTrust PIA/DPIA template revisions enabled the client’s privacy risk framework to report consistently with the security risk framework.
- Myna provided an updated Privacy Risk Standard, aligning it with the terminology and framework used in the Security Standard. Additionally, we provided a methodology for assessing the likelihood of incidents that is better aligned with a privacy program and the maturity of privacy controls.
- Our team created a risk scoring and reporting dashboard for logging, assessing, and monitoring mitigation efforts.
- We revised the privacy metrics list with risk scoring and reporting that aligns with the privacy risk standard.
- Myna assisted in the creation of a metrics dashboard for capturing the individual metrics and providing a clear and concise readout for senior executives.
- Our team provided a detailed report of recommended enhancements to the existing PIA/DPIA templates.