1st Edition
Privacy in Practice: Establish and Operationalize a Holistic Data Privacy Program
Part 1: Privacy Basics and Landscape
1. Privacy Concept and a Brief History
2. Legal Systems, World Models, and Landscape
3. GDPR, CCPA/CPRA, PIPL and PIPEDA
4. Privacy Best Practices, Standards, and Certifications
Part 2: Business Impact and a Holistic Framework
5. Data Protection Drivers and Challenges
6. Unified Data Protection Framework
7. Privacy Program Assessment and Roadmap
8. Privacy Program Management Metrics and Tools
Part 3: Privacy Governance
9. Data Protection Legal Mandate and Business Requirements
10. Governance Structure and Responsibilities
11. Privacy Policies and Procedures
12. Privacy Awareness, Training, and Engagement
Part 4: Privacy Operations
13. Privacy Impact Assessment (PIA)
14. Record of Processing Activities
15. Privacy Notice
16. Lawful Basis
17. Data Collection
18. Data Usage and Maintenance
19. Personal Data Sharing
20. Data Residency and Cross-Border Transfers
21. Data Retention and De-Identification
22. Security of Personal Data Processing
Part 5: High-Risk Business Scenarios
23. PbD in Marketing Practices
24. Workforce Data Protection
25. Protection of Children’s Data
26. PbD for AI Solutions
Part 6: Data Breach Handling and DPA Cooperation
27. Data Subject Rights, Inquiries, and Complaints
28. Data Breach Handling
29. DPA Cooperation
Biography
Mr. Alan Tang has extensive experience in privacy and security practices. Dr. Tang specializes in establishing and operationalizing risk-based and actionable privacy frameworks and programs in alignment with global privacy laws, regulations, and standards such as GDPR, CCPA/CPRA, PIPEDA, PIPL, LGPD, GAPP, ISO 27701, and NIST PF. He believes in simplifying, automating, and scaling privacy controls to enable business growth.
Dr. Tang has firsthand experience in implementing an enterprise-wide, unified privacy framework and program for a Fortune 50 international company. The privacy framework has been implemented in 50+ countries through three phases. He has a strong history of working with business leaders in a wide range of privacy-related domains such as privacy strategy and roadmap, PIA and DPIA, privacy policies and procedures, privacy-by-design in SDLC, data subject rights assurance, data retention, data disclosure and sharing, cross-border data transfer, data security protection, privacy awareness training, and data breach handling.
Dr. Tang holds a Ph.D. degree in Information Security and an MBA degree. Alan also holds numerous privacy and security designations including FIP, CIPP/E, CIPP/US/C, CIPM, CIPT, CISSP, CISA, PMP, and previously ISO27001LA and PCI DSS QSA.
“This book serves as a valuable resource for anyone seeking to understand and navigate the complexities of data privacy. Its comprehensive approach and clear explanations make it an essential guide for organizations of all sizes working to establish and maintain robust data protection practices.”
- Dr Mike Brass (CISSP, CIPPE/E, CISM, CRISC)
See Mike’s full review at: https://www.linkedin.com/pulse/review-privacy-practice-dr-mike-brass-cissp-cippe-e-cism-crisc--qfqie/?trackingId=CJypYojXzvq1GpauDJH13A%3D%3D
Privacy is a slippery term that people drag out for various reasons, some of which can be misleading. For instance, most American citizens believe that the Fourth Amendment guarantees their right to privacy and will cite it as such. Newsflash, it doesn’t. The Fourth Amendment protects citizens from unreasonable search and seizure by the United States government. It does not guarantee that – for instance – your personal data won’t be harvested and used for all sorts of nefarious purposes by shadowy entities in the data mining industry. Thus, for the sake of self-protection, if for no other reason, everybody in the digital age needs to know what privacy is, its implications, and its applications.
The problem arises from the fact that most of the concepts about privacy are rooted in the universe that existed prior to the commercial Internet. That world doesn’t exist anymore, and it hasn’t for some time. The other problem is simple ignorance. We don’t understand the many vital nuances of privacy or what it means to us in terms of personal impacts. But, fear not… Alan Tang has covered the waterfront in “Privacy in Practice.” This comprehensive guide doesn’t simply discuss the general concept of privacy. It defines it from every possible cultural perspective and then proceeds to summarize its various incarnations in worldwide regulations and standards, leaving no stone unturned.
Then Tang gets serious about operationalizing the term. In effect, privacy has always been one of those lightweight concepts that everybody agrees is a good idea, but nobody has the slightest notion about how to substantively implement. The book provides a complete and highly credible, holistic architecture of standard real-world controls that can be handily tailored into a governance framework suitable to any general organizational application. The beauty of this book is that it provides nine chapters of explicit operational implementation advice, which ought to be sufficient to assure privacy in any organization of any size. Then, if you still aren’t getting the picture, he provides case examples to illustrate how this can be done in various settings, as well as the practical operational steps to ensure it. So, when you finish this book, you will be as knowledgeable about privacy as any of the world’s leading experts, which Tang just happens to be. Is that a coincidence? I think not.
- Dan Shoemaker, PhD - Distinguished Visitor of the Institute of Electrical and Electronics Engineers (IEEE) & Member of the Editorial Board, Computers and Security






