SCENARIO -
Please use the following to answer the next question:
Felicity is the Chief Executive Officer (CEO) of an international clothing company that does business in several countries, including the United States (U.S.), the United Kingdom (UK), and Canada. For the first five years under Felicity's leadership, the company was highly successful due to its higher profile on the Internet via targeted advertising and the use of social media. However, business has dropped in recent months, and Felicity is looking to cut costs across all departments.
She has prepared to meet with the Chief Information Officer (CIO), Jin, who is also head of the company's privacy program.
After reviewing many of Jin's decisions, Felicity firmly believes that, although well-intentioned, Jin overspends company resources. Felicity has taken several notes on ways she believes the company can spend less money trying to uphold its privacy mission. First, Felicity intends to discuss the size of the company's information security budget with Jin. Felicity proposes to streamline information security by putting it solely within the purview of the company's Information Technology (IT) experts, since personal data within the company is stored electronically.
She is also perplexed by the Privacy Impact Assessments (PIAs) Jin facilitated at some of the company's locations. Jin carefully documented the approximate amount of man-hours the PIAs took to complete, and Felicity is astounded at the amount. She cannot understand why so much time has been spent on sporadic PIAs.
Felicity has also recently received complaints from employees, including mid-level managers, about the great burden of paperwork necessary for documenting employee compliance with the company's privacy policy. She hopes Jin can propose cheaper, more efficient ways of monitoring compliance. In Felicity's view, further evidence of Jin's overzealousness is his insistence on monitoring third-party processors for their observance of the company's privacy policy. New staff members seem especially overwhelmed. Despite the consistent monitoring, two years ago the company had to pay remediation costs after a security breach of a processor's data system. Felicity wonders whether processors can be held contractually liable for the costs of any future breaches.
Last in Felicity's notes is a reminder to discuss Jin's previous praise for the company's independent ethics function within the Human Resources (HR) department. Felicity believes that much company time could be saved if the Ethics Officer position were done away with, and that any ethical concerns were simply brought directly to the executive leadership of the company.
Although Felicity questions many of Jin's decisions, she hopes that their meeting will be productive and that Jin, who is widely respected throughout the company, will help the company save money. Felicity believes that austerity is the only way forward.
How could Jin address Felicity's desire to update the privacy program without increasing organizational risk?