Cybersecurity and the protection of organizational and personal data is a vital component of managing information systems. Contemporary news is packed with stories and commentary on cybercrime, social...

Cybersecurity and the protection of organizational and personal data is a vital component of managing information systems. Contemporary news is packed with stories and commentary on cybercrime, social networking data privacy issues, and arguments among government leaders about the protection of national and/or personal data and laws governing those issues. Every business and organizational leader in the 21st century needs to have a baseline set of skills in cybersecurity and devote real attention to this area of information systems management - regardless of whether they work in IT or an entirely different business area.

The purpose of this activity is to develop your knowledge and skills in the area of data privacy and protection in the following areas:

• Understand the impact of Data Protection & Privacy on organizations and their IT operations.


• Develop a working knowledge of 'best practices' for organizations in the area of Data Protection & Privacy.


• Developbasic working skills necessary to develop a corporate Data Privacy & Protection policy.


• Explore the structure and role of data governance within organizations to better and manage corporate information.

Readings & Background Information:

• Text:Information Systems for Business and Beyond(Links to an external site.)(Chapter 6)


• Deloitte White Paper:Data Privacy as a Strategic Priority (PDF)
  
  Download Data Privacy as a Strategic Priority (PDF)
  


• Forbes article:Data Privacy Vs. Data Protection (PDF)
  
  Download Data Privacy Vs. Data Protection (PDF)
  


• 
  5 Data Protection Policies Your Organisation Must Have (opens in new window)(Links to an external site.)
  


• 
  How to Build a GDPR-compliant Data Protection Policy (opens in new window)(Links to an external site.)
  


• 
  Data Privacy Policy - what/why? (opens in new window)(Links to an external site.)
  


• Better Business Bureau:Writing an Effective Privacy Policy (opens in new window)(Links to an external site.)
  

Other Resources:

• 
  What is GDPR and How Does it impact your business (opens in new window)(Links to an external site.)
  


• Examples:
  
  
  • 
    University of Memphis IT Security Policies & Guidelines (landing page URL)(Links to an external site.)
    
  
  
  • 
    University of Tennessee (Knoxville) Data Privacy Notice (opens in new window)(Links to an external site.)
    
  
  
  • 
    BSR - Business for Social Responsibility (opens in new window)(Links to an external site.)
    
  
  
  • 
    Sample Data Protection Policy Template (opens in new window)(Links to an external site.)
    
  
  
  • 
    Sample Data Privacy Template (opens in new window)(Links to an external site.)
    
    
    
  
  
  
  

Detailed Instructions:

There aretwo partsto this activity.

Part 1: Find and analyze concrete examples of an organizationalData Protection & Privacy Policy.

In the first step, you are to find three (3) concrete (real-world) examples of an organizational data protection & privacy policy (or equivalent document). Your examples can be from a for-profit business, non-profit, or government agency. After finding and researching as much as you can about these examples, prepare an analysis of each as follows.

• Name of the organization and related URLs


• The type of organization (business, non-profit, government, etc.) and a little about the nature of what they do and whom they serve


• Examples of any major risk factors associated with data protection faced by this organization (what kind of data? what sorts of risks? etc.)


• A brief summary of structure of their data privacy and protection policy (or equivalent). What major categories does it include? How is it organized? What sort of audience does it appear to be written for?


• A short critique based on your knowledge of what should be included in a good corporate data protection & privacy policy. For example, are their major sections omitted? Is it poorly constructed?

Part 2: Build a sample data protection & privacy policy template for use by organizations.

Using the analysis of your examples, develop a proposed starting template for an ideal data protection & privacy policy that could be used by organizations in need of building or updating such a policy for internal use.

Attributes and components to address in constructing this template:

• Overall organization and structure of the policy template


• Intended audience (internal, external, technical, anyone, etc.)


• A consideration of organizational culture as it relates to best practices in maintaining effective data protection & privacy


• The following components/major elements:
  
  
  • Short Section/Title of the element.
  
  
  • Rationale for including this element (why it should be included).
  
  
  • What portion of data protection & privacy it addresses.
  
  
  • General guidelines/instructions for completing this section by a user-organization.