Operationalizing Data Policy Governance for Data Protection

As organizations empower more data consumers to innovate their reporting, business intelligence, and advanced analytics, information risk managers are rapidly identifying risks and concerns about ensuring compliance with a variety of business policies, industry guidelines, and laws and regulations. And with the risk of steep penalties for unauthorized exposure, operationalizing data policy governance is emerging as a corporate imperative. Interpreting government regulations, assessing information risk, and identifying data management requirements are critical both for regulatory compliance and for establishing consumer trust in your organization’s mandate for managing sensitive data. The plethora of jurisdictional data privacy laws alone makes it abundantly clear that regulatory compliance is tightly coupled with information and data governance.

Conventional approaches to data governance focusing on operating models and organization charts are necessary but insufficient. Practical deployment of strategic data governance for data protection combines the definition of data policies, methods for operationalizing those data policies, and descriptions of the roles and responsibilities for ensuring that data policy compliance aligns with data protection objectives. In this talk we consider general aspects of data privacy laws, data sensitivity, regulatory compliance, and translation of “Policies” into operationalizable data governance policies that support a corporate data protection strategy. Attendees will learn about:

  • Assessing the scope of data privacy laws
  • Characterizing data sensitivity
  • Identification of data management requirements to support regulatory directives (such as “right to be erased”)
  • Data governance practices to mitigate risks, threats, and vulnerabilities
  • Suggestions for enforcing compliance with data privacy policies