Oversight and Governance
OG-WRL-008

Privacy Compliance

Responsible for developing and overseeing an organization’s privacy compliance program and staff, including establishing and managing privacy-related governance, policy, and incident response needs.

  • T0898: Establish an internal privacy audit program
  • T1014: Determine if security incidents require legal action
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1054: Scope analysis reports to various audiences that accounts for data sharing classification restrictions
  • T1058: Advise senior management on risk levels and security posture
  • T1059: Perform cost/benefit analyses of cybersecurity programs, policies, processes, systems, and elements
  • T1060: Advise senior management on organizational cybersecurity efforts
  • T1084: Identify anomalous network activity
  • T1092: Conduct functional and connectivity testing
  • T1096: Perform privacy impact assessments (PIAs)
  • T1118: Identify vulnerabilities
  • T1119: Recommend vulnerability remediation strategies
  • T1145: Develop strategic plans
  • T1146: Maintain strategic plans
  • T1189: Determine if contracts comply with funding, legal, and program requirements
  • T1224: Determine impact of noncompliance on organizational risk levels
  • T1225: Determine impact of noncompliance on effectiveness of the enterprise's cybersecurity program
  • T1279: Prepare audit reports
  • T1334: Produce cybersecurity instructional materials
  • T1335: Promote cybersecurity awareness to management
  • T1336: Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
  • T1476: Promote awareness of cybersecurity policy and strategy among management
  • T1489: Correlate incident data
  • T1492: Integrate laws and regulations into policy
  • T1549: Evaluate the impact of legal, regulatory, policy, standard, or procedural changes
  • T1853: Determine if new and existing services comply with privacy and data security obligations
  • T1854: Develop and maintain privacy and confidentiality consent forms
  • T1855: Develop and maintain privacy and confidentiality authorization forms
  • T1856: Integrate civil rights and civil liberties in organizational programs, policies, and procedures
  • T1857: Integrate privacy considerations in organizational programs, policies, and procedures
  • T1858: Serve as liaison to regulatory and accrediting bodies
  • T1859: Register databases with local privacy and data protection authorities
  • T1860: Promote privacy awareness to management
  • T1861: Establish organizational Privacy Oversight Committee
  • T1862: Establish cybersecurity risk assessment processes
  • T1863: Develop information sharing strategic plans
  • T1864: Develop organizational information infrastructure
  • T1865: Implement organizational information infrastructure
  • T1866: Develop self-disclosure policies and procedures
  • T1867: Oversee consumer information access rights
  • T1868: Serve as information privacy liaison to technology system users
  • T1869: Serve as liaison to information systems department
  • T1870: Create privacy training materials
  • T1871: Prepare privacy awareness communications
  • T1872: Deliver privacy awareness orientations
  • T1873: Deliver privacy awareness trainings
  • T1874: Manage organizational participation in public privacy and cybersecurity events
  • T1875: Prepare privacy program status reports
  • T1876: Respond to press and other public data security inquiries
  • T1877: Develop organizational privacy program
  • T1878: Apply sanctions for failure to comply with privacy policies
  • T1879: Develop sanctions for failure to comply with privacy policies
  • T1880: Resolve allegations of noncompliance with privacy policies and notice of information practices
  • T1881: Develop a risk management and compliance framework for privacy
  • T1882: Determine if projects comply with organizational privacy and data security policies
  • T1883: Develop organizational privacy policies and procedures
  • T1884: Establish complaint processes
  • T1885: Establish mechanisms to track access to protected health information
  • T1886: Maintain the organizational policy program
  • T1887: Conduct privacy impact assessments
  • T1888: Conduct privacy compliance monitoring
  • T1889: Align cybersecurity and privacy practices in system information security plans
  • T1890: Determine if protected information releases comply with organizational policies and procedures
  • T1891: Administer requests for release or disclosure of protected information
  • T1892: Develop vendor review procedures
  • T1893: Develop vendor auditing procedures
  • T1894: Determine if partner and business agreements address privacy requirements and responsibilities
  • T1895: Provide legal advice for business partner contracts
  • T1896: Mitigate Personal Identifiable Information (PII) breaches
  • T1897: Administer action on organizational privacy complaints
  • T1898: Determine if the organization's privacy program complies with federal and state privacy laws and regulations
  • T1899: Identify organizational privacy compliance gaps
  • T1900: Correct organizational privacy compliance gaps
  • T1901: Manage privacy breaches
  • T1902: Implement and maintain organizational privacy policies and procedures
  • T1903: Develop and maintain privacy and confidentiality information notices
  • T1905: Monitor advancements in information privacy technologies
  • T1907: Establish organizational risk management strategies
  • K0498: Knowledge of operational planning processes
  • K0644: Knowledge of cybersecurity operation policies and procedures
  • K0645: Knowledge of standard operating procedures (SOPs)
  • K0659: Knowledge of information privacy technologies
  • K0674: Knowledge of computer networking protocols
  • K0675: Knowledge of risk management processes
  • K0676: Knowledge of cybersecurity laws and regulations
  • K0677: Knowledge of cybersecurity policies and procedures
  • K0678: Knowledge of privacy laws and regulations
  • K0679: Knowledge of privacy policies and procedures
  • K0680: Knowledge of cybersecurity principles and practices
  • K0681: Knowledge of privacy principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0684: Knowledge of cybersecurity threat characteristics
  • K0687: Knowledge of business operations standards and best practices
  • K0718: Knowledge of network communications principles and practices
  • K0748: Knowledge of Privacy Impact Assessment (PIA) principles and practices
  • K0751: Knowledge of system threats
  • K0752: Knowledge of system vulnerabilities
  • K0773: Knowledge of telecommunications principles and practices
  • K0792: Knowledge of network configurations
  • K0881: Knowledge of learning assessment tools and techniques
  • K0885: Knowledge of instructional design principles and practices
  • K0886: Knowledge of instructional design models and frameworks
  • K0892: Knowledge of cyber defense laws and regulations
  • K0915: Knowledge of network architecture principles and practices
  • K0925: Knowledge of wireless communication tools and techniques
  • K0926: Knowledge of signal jamming tools and techniques
  • K0962: Knowledge of targeting laws and regulations
  • K0963: Knowledge of exploitation laws and regulations
  • K0973: Knowledge of system persistence tools and techniques
  • K0983: Knowledge of computer networking principles and practices
  • K0990: Knowledge of cyber operations principles and practices
  • K1014: Knowledge of network security principles and practices
  • K1030: Knowledge of operational planning tools and techniques
  • K1070: Knowledge of privacy disclosure statement laws and regulations
  • K1111: Knowledge of application security design principles and practices
  • K1120: Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices
  • K1138: Knowledge of cybersecurity standards and best practices
  • K1160: Knowledge of federal and state accreditation standards
  • K1183: Knowledge of organizational cybersecurity policies and procedures
  • K1192: Knowledge of organizational privacy policies and procedures
  • K1194: Knowledge of Personally Identifiable Information (PII) attributes
  • K1198: Knowledge of privacy and data security regulators
  • K1200: Knowledge of privacy technologies
  • K1212: Knowledge of security controls
  • K1240: Knowledge of privacy laws and regulations
  • S0395: Skill in developing instructional materials
  • S0406: Skill in developing policy plans
  • S0407: Skill in developing standard operating procedures (SOPs)
  • S0408: Skill in maintaining standard operating procedures (SOPs)
  • S0447: Skill in aligning privacy and cybersecurity objectives
  • S0450: Skill in authoring privacy disclosure statements
  • S0537: Skill in designing wireless communications systems
  • S0540: Skill in identifying network threats
  • S0601: Skill in developing curricula
  • S0602: Skill in teaching training programs
  • S0610: Skill in communicating effectively
  • S0687: Skill in performing administrative planning activities
  • S0791: Skill in presenting to an audience
  • S0796: Skill in creating privacy policies
  • S0797: Skill in negotiating vendor agreements
  • S0798: Skill in evaluating vendor privacy practices
  • S0818: Skill in building internal and external stakeholder relationships
  • S0821: Skill in collaborating with internal and external stakeholders
  • S0850: Skill in performing cost/benefit analysis
  • S0858: Skill in performing economic analysis
  • S0878: Skill in performing risk analysis