Privacy Compliance

Responsible for developing and overseeing an organization’s privacy compliance program and staff, including establishing and managing privacy-related governance, policy, and incident response needs.

  • T0898: Establish an internal privacy audit program
  • T1014: Determine if security incidents require legal action
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1054: Scope analysis reports to various audiences that account for data sharing classification restrictions
  • T1058: Advise senior management on risk levels and security posture
  • T1059: Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
  • T1060: Advise senior management on organizational cybersecurity efforts
  • T1084: Identify anomalous network activity
  • T1092: Conduct functional and connectivity testing
  • T1096: Perform privacy impact assessments (PIAs)
  • T1118: Identify vulnerabilities
  • T1119: Recommend vulnerability remediation strategies
  • T1145: Develop strategic plans
  • T1146: Maintain strategic plans
  • T1189: Determine if contracts comply with funding, legal, and program requirements
  • T1224: Determine impact of noncompliance on organizational risk levels
  • T1225: Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program
  • T1279: Prepare audit reports
  • T1334: Produce cybersecurity instructional materials
  • T1335: Promote cybersecurity awareness to management
  • T1336: Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
  • T1476: Promote awareness of cybersecurity policy and strategy among management
  • T1489: Correlate incident data
  • T1492: Integrate laws and regulations into policy
  • T1549: Evaluate the impact of legal, regulatory, policy, standard, or procedural changes
  • T1853: Determine if new and existing services comply with privacy and data security obligations
  • T1854: Develop and maintain privacy and confidentiality consent forms
  • T1855: Develop and maintain privacy and confidentiality authorization forms
  • T1856: Integrate civil rights and civil liberties in organizational programs, policies, and procedures
  • T1857: Integrate privacy considerations in organizational programs, policies, and procedures
  • T1858: Serve as liaison to regulatory and accrediting bodies
  • T1859: Register databases with local privacy and data protection authorities
  • T1860: Promote privacy awareness to management
  • T1861: Establish organizational Privacy Oversight Committee
  • T1862: Establish cybersecurity risk assessment processes
  • T1863: Develop information sharing strategic plans
  • T1864: Develop organizational information infrastructure
  • T1865: Implement organizational information infrastructure
  • T1866: Develop self-disclosure policies and procedures
  • T1867: Oversee consumer information access rights
  • T1868: Serve as information privacy liaison to technology system users
  • T1869: Serve as liaison to information systems department
  • T1870: Create privacy training materials
  • T1871: Prepare privacy awareness communications
  • T1872: Deliver privacy awareness orientations
  • T1873: Deliver privacy awareness trainings
  • T1874: Manage organizational participation in public privacy and cybersecurity events
  • T1875: Prepare privacy program status reports
  • T1876: Respond to press and other public data security inquiries
  • T1877: Develop organizational privacy program
  • T1878: Apply sanctions for failure to comply with privacy policies
  • T1879: Develop sanctions for failure to comply with privacy policies
  • T1880: Resolve allegations of noncompliance with privacy policies and notice of information practices
  • T1881: Develop a risk management and compliance framework for privacy
  • T1882: Determine if projects comply with organizational privacy and data security policies
  • T1883: Develop organizational privacy policies and procedures
  • T1884: Establish complaint processes
  • T1885: Establish mechanisms to track access to protected health information
  • T1886: Maintain the organizational policy program
  • T1887: Conduct privacy impact assessments
  • T1888: Conduct privacy compliance monitoring
  • T1889: Align cybersecurity and privacy practices in system information security plans
  • T1890: Determine if protected information releases comply with organizational policies and procedures
  • T1891: Administer requests for release or disclosure of protected information
  • T1892: Develop vendor review procedures
  • T1893: Develop vendor auditing procedures
  • T1894: Determine if partner and business agreements address privacy requirements and responsibilities
  • T1895: Provide legal advice for business partner contracts
  • T1896: Mitigate Personally Identifiable Information (PII) breaches
  • T1897: Administer action on organizational privacy complaints
  • T1898: Determine if the organization's privacy program complies with federal and state privacy laws and regulations
  • T1899: Identify organizational privacy compliance gaps
  • T1900: Correct organizational privacy compliance gaps
  • T1901: Manage privacy breaches
  • T1902: Implement and maintain organizational privacy policies and procedures
  • T1903: Develop and maintain privacy and confidentiality information notices
  • T1905: Monitor advancements in information privacy technologies
  • T1907: Establish organizational risk management strategies