The Function and Duties of the CPO

 

Chief Privacy Officer (CPO)

The Chief Information Privacy Officer (CPO) is a relatively new role in information risk management. Like many corporate executive roles, the CPO title carries differing responsibilities depending on the industry, size of company, and reporting structure. And like many executive roles, the smaller the organization, the less likely it is that a formal CPO role exists at all.

The generally accepted functions of a CPO are:

The Chief Privacy Officer (CPO) is a senior-level executive within a business or organization who is responsible for managing the risks and business impacts of privacy laws and policies. The CPO position is relatively new and was created to respond both to consumer concern over the use of personal information, including medical data and financial information, and to laws and regulations, such as those covering the protection of patient medical records (the Health Insurance Portability and Accountability Act of 1996, also known as HIPAA), the use and safeguarding of consumer financial and banking transactions (the Fair Credit Reporting Act and its Disposal Rule, or the Gramm-Leach-Bliley Act), and international regulations (the European Union Data Protection Directive).

The Chief Privacy Officer is responsible for information privacy across the entire organization, including:

  • Educating the board of directors, senior executives, IT leadership, Human Resources staff, Office of General Counsel, etc. on the privacy laws and regulations that apply to their organization based on the types of confidential personal information that the organization collects and maintains.
  • Determining the potential privacy related risks to the reputation, revenues and regulatory compliance of the organization.
  • Assessing privacy readiness by determining the confidential personal information being collected and the maturity of current privacy and security control practices.
  • Creating and implementing action plans to enable the organization to become and stay compliant with the privacy laws, regulations and best practices that apply to the particular business.
  • Developing and maintaining privacy policies, standards, best practices, website privacy statements, etc.
  • Monitoring networks and systems on a 7x24x365 basis for evidence of privacy and security anomalies that could indicate a breach or loss of confidential personal information.
  • Establishing and promoting a culture of compliance when it comes to privacy that will enable the organization to potentially leverage privacy as a competitive differentiator.

Due to emerging laws and regulations, as well as increased awareness of Personally Identifiable Information (PII), your customers expect privacy. Protecting private information is an element of security; however, privacy encompasses a much larger issue. Organizations are now required to respect privacy in all of their processes and systems and to empower individuals: notify them of what information is being collected, give them choices to opt in or out, give them access to check and correct the accuracy of their information, assure them that their expectation of protection for their information is respected, and ensure the destruction of their personal information when it is no longer needed or when they have requested its cleansing from your system.

SAVANTURE can help. We offer a Chief Privacy Officer practice with a full range of services to help you and your organization meet your customers’ privacy expectations, stay compliant with applicable privacy laws and regulations, and begin to make your commitment to a culture of privacy a market differentiator for you.
Learn about our company, read what media and analysts have to say about SAVANTURE, or find open positions and become part of our team.
We are here to earn your trust, and your business.

 

  • SAVANTURE Services are best in class and provide the most optimal cost performance solution in the marketplace allowing you to focus on your business
  • Best in class offerings allow us to protect your revenue, reputation and regulatory compliance better than any other solution in the marketplace
  • Flexibility in deployment methods allows a low cost entry option, while breadth of services allows you to increase your protection logically over time as threats change and regulatory requirements evolve
  • SAVANTURE allows you to leverage best in class or take advantage of SAVANTURE’s Genesis5
  • Ease of deployment and ease of use while always being cost-effective, reliable, and secure
CONTACT US and we can answer any questions or get you started now.