Privacy for NFPAlejandra Brown CIPT

Kirke Management Consulting

2017-11-07copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

What we will cover

Privacy key concepts and world privacy regulations1

Canadian privacy guiding principles2

Privacy vs security3

Examples of privacy breaches in the NFP world4

Importance of privacy in NFP and advantages of proactive management5

Common areas of vulnerability and incident causes6

Impacts of a breach7

Effective privacy management program8

What is coming9

Where do we go from here10

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy ndash Key Concepts

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

bull Generally considered to be any information about an identifiable individual

bull Information privacy is the right to have some control over how your personal information is collected and used

Canadian Privacy ndash Data Protection Law and Policy for the Practitioner Kris Klein CIPPC Second edition IAPP

World Privacy Regulations

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Canada USA EU

Canadian Privacy Guiding Principles

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy vs Security

bull Privacy focuses on governance arounduse disclosure and retention of PersonalInformation

bull Security is concerned with measures torestrict access and protect PersonalInformation during collection storageand transmission

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

NFP Privacy Breaches

httpswww501c3lawblogcom20170809data-breaches-nonprofits httpswwwprivacyrightsorgdata-breachestitle=amporg_type5B5D=263 httpswwwoipcabcadecisionsbreach-notification-decisionsaspx

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

King Edward Child Care Society Edmonton AB - Sep 2017

Little Red Door ndash Jan-Mar 2017

YMCA San Diego ndash July 2017

Legal Aid Society of Orange County ndash Jan 2017

What we will cover

Privacy key concepts and world privacy regulations1

Canadian privacy guiding principles2

Privacy vs security3

Examples of privacy breaches in the NFP world4

Importance of privacy in NFP and advantages of proactive management5

Common areas of vulnerability and incident causes6

Impacts of a breach7

Effective privacy management program8

What is coming9

Where do we go from here10

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy ndash Key Concepts

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

bull Generally considered to be any information about an identifiable individual

bull Information privacy is the right to have some control over how your personal information is collected and used

Canadian Privacy ndash Data Protection Law and Policy for the Practitioner Kris Klein CIPPC Second edition IAPP

World Privacy Regulations

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Canada USA EU

Canadian Privacy Guiding Principles

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy vs Security

bull Privacy focuses on governance arounduse disclosure and retention of PersonalInformation

bull Security is concerned with measures torestrict access and protect PersonalInformation during collection storageand transmission

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

NFP Privacy Breaches

httpswww501c3lawblogcom20170809data-breaches-nonprofits httpswwwprivacyrightsorgdata-breachestitle=amporg_type5B5D=263 httpswwwoipcabcadecisionsbreach-notification-decisionsaspx

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

King Edward Child Care Society Edmonton AB - Sep 2017

Little Red Door ndash Jan-Mar 2017

YMCA San Diego ndash July 2017

Legal Aid Society of Orange County ndash Jan 2017

Privacy ndash Key Concepts

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

bull Generally considered to be any information about an identifiable individual

bull Information privacy is the right to have some control over how your personal information is collected and used

Canadian Privacy ndash Data Protection Law and Policy for the Practitioner Kris Klein CIPPC Second edition IAPP

World Privacy Regulations

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Canada USA EU

Canadian Privacy Guiding Principles

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy vs Security

bull Privacy focuses on governance arounduse disclosure and retention of PersonalInformation

bull Security is concerned with measures torestrict access and protect PersonalInformation during collection storageand transmission

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

NFP Privacy Breaches

httpswww501c3lawblogcom20170809data-breaches-nonprofits httpswwwprivacyrightsorgdata-breachestitle=amporg_type5B5D=263 httpswwwoipcabcadecisionsbreach-notification-decisionsaspx

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

King Edward Child Care Society Edmonton AB - Sep 2017

Little Red Door ndash Jan-Mar 2017

YMCA San Diego ndash July 2017

Legal Aid Society of Orange County ndash Jan 2017

World Privacy Regulations

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Canada USA EU

Canadian Privacy Guiding Principles

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy vs Security

bull Privacy focuses on governance arounduse disclosure and retention of PersonalInformation

bull Security is concerned with measures torestrict access and protect PersonalInformation during collection storageand transmission

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

NFP Privacy Breaches

httpswww501c3lawblogcom20170809data-breaches-nonprofits httpswwwprivacyrightsorgdata-breachestitle=amporg_type5B5D=263 httpswwwoipcabcadecisionsbreach-notification-decisionsaspx

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

King Edward Child Care Society Edmonton AB - Sep 2017

Little Red Door ndash Jan-Mar 2017

YMCA San Diego ndash July 2017

Legal Aid Society of Orange County ndash Jan 2017

Canadian Privacy Guiding Principles

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy vs Security

bull Privacy focuses on governance arounduse disclosure and retention of PersonalInformation

bull Security is concerned with measures torestrict access and protect PersonalInformation during collection storageand transmission

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

NFP Privacy Breaches

httpswww501c3lawblogcom20170809data-breaches-nonprofits httpswwwprivacyrightsorgdata-breachestitle=amporg_type5B5D=263 httpswwwoipcabcadecisionsbreach-notification-decisionsaspx

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

King Edward Child Care Society Edmonton AB - Sep 2017

Little Red Door ndash Jan-Mar 2017

YMCA San Diego ndash July 2017

Legal Aid Society of Orange County ndash Jan 2017

Privacy vs Security

bull Privacy focuses on governance arounduse disclosure and retention of PersonalInformation

bull Security is concerned with measures torestrict access and protect PersonalInformation during collection storageand transmission

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

NFP Privacy Breaches

httpswww501c3lawblogcom20170809data-breaches-nonprofits httpswwwprivacyrightsorgdata-breachestitle=amporg_type5B5D=263 httpswwwoipcabcadecisionsbreach-notification-decisionsaspx

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

King Edward Child Care Society Edmonton AB - Sep 2017

Little Red Door ndash Jan-Mar 2017

YMCA San Diego ndash July 2017

Legal Aid Society of Orange County ndash Jan 2017

NFP Privacy Breaches

httpswww501c3lawblogcom20170809data-breaches-nonprofits httpswwwprivacyrightsorgdata-breachestitle=amporg_type5B5D=263 httpswwwoipcabcadecisionsbreach-notification-decisionsaspx

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

King Edward Child Care Society Edmonton AB - Sep 2017

Little Red Door ndash Jan-Mar 2017

YMCA San Diego ndash July 2017

Legal Aid Society of Orange County ndash Jan 2017

Importance of Privacy for NFP

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Advantages of Managing Privacy

How can transparent privacy management help NFPs grow in terms of funding increased client satisfactionvolunteering and talent acquisition

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Common Areas of Vulnerability

Privacy Incident Causes

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Technology Human Error

bull

bull

bull

bull

Impacts of a Breach

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Effective Privacy Program

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Key IT Security Measures

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

IT Security

What Is Changing

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Where Do We Go From Here

Determine what is your level of Privacy maturityAssess your risk and current gaps

Adopt ldquoquick-winsrdquoAppoint a CPOCreate or review privacy policyTrain employees volunteers on privacy practices and their obligations Identify IT security areas of risk Include appropriate disclaimers in your e-Newsletter sign up form

Establish an incident response procedure

Bring in experts when required

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Resources

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy assessment questionnaire

Privacy policy checklist for NFP

Privacy and data concerns for NFP

Minimizing the risk of a data breach A guide for NFP organizations

Advantages of Managing Privacy

How can transparent privacy management help NFPs grow in terms of funding increased client satisfactionvolunteering and talent acquisition

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Common Areas of Vulnerability

Privacy Incident Causes

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Technology Human Error

bull

bull

bull

bull

Impacts of a Breach

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Effective Privacy Program

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Key IT Security Measures

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

IT Security

What Is Changing

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Where Do We Go From Here

Determine what is your level of Privacy maturityAssess your risk and current gaps

Adopt ldquoquick-winsrdquoAppoint a CPOCreate or review privacy policyTrain employees volunteers on privacy practices and their obligations Identify IT security areas of risk Include appropriate disclaimers in your e-Newsletter sign up form

Establish an incident response procedure

Bring in experts when required

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Resources

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy assessment questionnaire

Privacy policy checklist for NFP

Privacy and data concerns for NFP

Minimizing the risk of a data breach A guide for NFP organizations

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Common Areas of Vulnerability

Privacy Incident Causes

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Technology Human Error

bull

bull

bull

bull

Impacts of a Breach

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Effective Privacy Program

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Key IT Security Measures

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

IT Security

What Is Changing

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Where Do We Go From Here

Determine what is your level of Privacy maturityAssess your risk and current gaps

Adopt ldquoquick-winsrdquoAppoint a CPOCreate or review privacy policyTrain employees volunteers on privacy practices and their obligations Identify IT security areas of risk Include appropriate disclaimers in your e-Newsletter sign up form

Establish an incident response procedure

Bring in experts when required

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Resources

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy assessment questionnaire

Privacy policy checklist for NFP

Privacy and data concerns for NFP

Minimizing the risk of a data breach A guide for NFP organizations

Privacy Incident Causes

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Technology Human Error

bull

bull

bull

bull

Impacts of a Breach

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Effective Privacy Program

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Key IT Security Measures

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

IT Security

What Is Changing

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Where Do We Go From Here

Determine what is your level of Privacy maturityAssess your risk and current gaps

Adopt ldquoquick-winsrdquoAppoint a CPOCreate or review privacy policyTrain employees volunteers on privacy practices and their obligations Identify IT security areas of risk Include appropriate disclaimers in your e-Newsletter sign up form

Establish an incident response procedure

Bring in experts when required

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Resources

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy assessment questionnaire

Privacy policy checklist for NFP

Privacy and data concerns for NFP

Minimizing the risk of a data breach A guide for NFP organizations

Impacts of a Breach

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Effective Privacy Program

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Key IT Security Measures

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

IT Security

What Is Changing

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Where Do We Go From Here

Determine what is your level of Privacy maturityAssess your risk and current gaps

Adopt ldquoquick-winsrdquoAppoint a CPOCreate or review privacy policyTrain employees volunteers on privacy practices and their obligations Identify IT security areas of risk Include appropriate disclaimers in your e-Newsletter sign up form

Establish an incident response procedure

Bring in experts when required

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Resources

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy assessment questionnaire

Privacy policy checklist for NFP

Privacy and data concerns for NFP

Minimizing the risk of a data breach A guide for NFP organizations

Effective Privacy Program

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Key IT Security Measures

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

IT Security

What Is Changing

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Where Do We Go From Here

Determine what is your level of Privacy maturityAssess your risk and current gaps

Adopt ldquoquick-winsrdquoAppoint a CPOCreate or review privacy policyTrain employees volunteers on privacy practices and their obligations Identify IT security areas of risk Include appropriate disclaimers in your e-Newsletter sign up form

Establish an incident response procedure

Bring in experts when required

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Resources

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy assessment questionnaire

Privacy policy checklist for NFP

Privacy and data concerns for NFP

Minimizing the risk of a data breach A guide for NFP organizations

Key IT Security Measures

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

IT Security

What Is Changing

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Where Do We Go From Here

Determine what is your level of Privacy maturityAssess your risk and current gaps

Adopt ldquoquick-winsrdquoAppoint a CPOCreate or review privacy policyTrain employees volunteers on privacy practices and their obligations Identify IT security areas of risk Include appropriate disclaimers in your e-Newsletter sign up form

Establish an incident response procedure

Bring in experts when required

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Resources

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy assessment questionnaire

Privacy policy checklist for NFP

Privacy and data concerns for NFP

Minimizing the risk of a data breach A guide for NFP organizations

What Is Changing

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Where Do We Go From Here

Determine what is your level of Privacy maturityAssess your risk and current gaps

Adopt ldquoquick-winsrdquoAppoint a CPOCreate or review privacy policyTrain employees volunteers on privacy practices and their obligations Identify IT security areas of risk Include appropriate disclaimers in your e-Newsletter sign up form

Establish an incident response procedure

Bring in experts when required

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Resources

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy assessment questionnaire

Privacy policy checklist for NFP

Privacy and data concerns for NFP

Minimizing the risk of a data breach A guide for NFP organizations

Where Do We Go From Here

Determine what is your level of Privacy maturityAssess your risk and current gaps

Adopt ldquoquick-winsrdquoAppoint a CPOCreate or review privacy policyTrain employees volunteers on privacy practices and their obligations Identify IT security areas of risk Include appropriate disclaimers in your e-Newsletter sign up form

Establish an incident response procedure

Bring in experts when required

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Resources

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy assessment questionnaire

Privacy policy checklist for NFP

Privacy and data concerns for NFP

Minimizing the risk of a data breach A guide for NFP organizations

Resources

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential

Privacy assessment questionnaire

Privacy policy checklist for NFP

Privacy and data concerns for NFP

Minimizing the risk of a data breach A guide for NFP organizations

About Kirke

Strategy

Transformation

Results

We are a strategy consulting firm that enables business growth and minimizes corporate risk We believe thatsafeguarding personal information has become paramount in a rapidly expanding digital world therefore wehelp organizations gain relevant data insights to build tighter relationships with their customers all within astrong privacy management framework This results in increased brand recognition improved reputation in theindustry and trust within their customer-base

httpwwwkirke-consultingcom

Contact Us

wwwkirke-consultingcom

Ale Brown ndash Founder amp Principal Consultant

abrownkirke-consultingcom 6047873230

Sonny Samra ndash Managing Director

ssamrakirke-consultingcom 6047829114

copy 2017 Kirke Management Consulting All Rights Reserved - Private and Confidential