Privacy Compliance Manager

Privacy Compliance Manager Work Role ID: 732 (NIST: OV-LG-002) Category/Specialty Area: Oversee & Govern / Legal Advice and Advocacy Workforce Element: Cyberspace Enablers / Leadership

Develops and oversees privacy compliance program and privacy program staff, supporting privacy compliance needs of privacy and security executives and their teams.


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
100

Knowledge of Privacy Impact Assessments.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
395

Advise senior management (e.g., CIO) on risk levels and security posture.

Task
396

Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements.

Task
457

Conduct Privacy Impact Assessments (PIA) of the application’s security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII).

Task
677

Interpret patterns of non compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program.

Task
784

Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.

Task
1036

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
3076

Ability to tailor technical and planning information to a customer’s level of understanding.

Ability
3651

Knowledge of what constitutes a “threat” to a network.

Knowledge
5430

Present technical information to technical and non-technical audiences.

Task
5560

Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals.

Task
5761

Account for and administer individual requests for release or disclosure of personal and/or protected information.

Task
5762

Act as a liaison to the information systems department.

Task
5763

Act as, or work with, counsel relating to business partner contracts.

Task
5764

Administer action on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.

Task
5765

Assist the Security Officer with the development and implementation of an information infrastructure.

Task
5766

Assure that the use of technologies maintain, and do not erode, privacy protections on use, collection and disclosure of personal information.

Task
5767

Collaborate on cyber privacy and security policies and procedures.

Task
5768

Collaborate with cyber security personnel on the security risk assessment process to address privacy compliance and risk mitigation.

Task
5769

Conduct on-going privacy training and awareness activities.

Task
5770

Conduct periodic information privacy impact assessments and ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.

Task
5771

Conduct privacy impact assessments of proposed rules on the privacy of personal information, including the type of personal information collected and the number of people affected.

Task
5772

Coordinate with the appropriate regulating bodies to ensure that programs, policies and procedures involving civil rights, civil liberties and privacy considerations are addressed in an integrated and comprehensive manner.

Task
5773

Coordinate with the Chief Information Security Officer to ensure alignment between security and privacy practices.

Task
5774

Coordinate with the Corporate Compliance Officer re: procedures for documenting and reporting self-disclosures of any evidence of privacy violations.

Task
5776

Develop and coordinate a risk management and compliance framework for privacy.

Task
5777

Develop and manage enterprise-wide procedures to ensure the development of new products and services is consistent with company privacy policies and legal obligations.

Task
5778

Develop and manage procedures for vetting and auditing vendors for compliance with the privacy and data security policies and legal requirements.

Task
5779

Develop privacy training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations.

Task
5780

Direct and oversee privacy specialists and coordinate privacy and data security programs with senior executives globally to ensure consistency across the organization.

Task
5781

Ensure all processing and/or databases are registered with the local privacy/data protection authorities where required.

Task
5782

Ensure compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce, extended workforce and for all business associates in cooperation with Human Resources, the information security officer, administration and legal counsel as applicable.

Task
5783

Ensure that the company maintains appropriate privacy and confidentiality notices, consent and authorization forms, and materials.

Task
5784

Establish a process for receiving, documenting, tracking, investigating and taking action on all complaints concerning the organization’s privacy policies and procedures.

Task
5785

Establish an internal privacy audit program.

Task
5786

Establish with management and operations a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.

Task
5787

Establish, implement and maintains organization-wide policies and procedures to comply with privacy regulations.

Task
5788

Identify and correct potential company compliance gaps and/or areas of risk to ensure full compliance with privacy regulations.

Task
5789

Interface with Senior Management to develop strategic plans for the collection, use and sharing of information in a manner that maximizes its value while complying with applicable privacy regulations.

Task
5791

Maintain current knowledge of applicable federal and state privacy laws and accreditation standards, and monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.

Task
5792

Manage privacy incidents and breaches in conjunction with the Privacy Officer, Chief Information Security Officer, legal counsel, and the business units.

Task
5793

Mitigate effects of a use or disclosure of personal information by employees or business partners.

Task
5794

Monitor systems development and operations for security and privacy compliance.

Task
5795

Oversee, direct, deliver or ensure delivery of initial privacy training and orientation to all employees, volunteers, contractors, alliances, business associates and other appropriate third parties.

Task
5796

Participate in the implementation and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.

Task
5797

Periodically revise the privacy program in light of changes in laws, regulatory, or company policy.

Task
5798

Provide development guidance and assist in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with organization management and administration and legal counsel.

Task
5799

Provide leadership for the organization’s privacy program.

Task
5800

Provide leadership in the planning, design and evaluation of privacy and security related projects.

Task
5801

Provide strategic guidance to corporate officers regarding information resources and technology.

Task
5802

Report on a periodic basis regarding the status of the privacy program to the Board, CEO or other responsible individual or committee.

Task
5803

Resolve allegations of non-compliance with the corporate privacy policies or notice of information practices.

Task
5804

Review all system-related information security plans to ensure alignment between security and privacy practices.

Task
5805

Serve as the information privacy liaison for users of technology systems.

Task
5806

Serve in a leadership role for Privacy Oversight Committee activities.

Task
5807

Support the organization’s privacy compliance program, working closely with the Privacy Officer, Chief Information Security Officer, and other business leaders to ensure compliance with federal and state privacy laws and regulations.

Task
5808

Develop appropriate sanctions for failure to comply with the corporate privacy policies and procedures.

Task
5809

Undertake a comprehensive review of the company’s data and privacy projects and ensure that they are consistent with corporate privacy and data security goals and policies.

Task
5810

Work cooperatively with applicable organization units in overseeing consumer information access rights.

Task
5811

Work with all organization personnel involved with any aspect of release of protected information to ensure coordination with the organization’s policies, procedures and legal requirements.

Task
5812

Work with business teams and senior management to ensure awareness of “best practices” on privacy and data security issues.

Task
5813

Work with external affairs to develop relationships with consumer organizations and other NGOs with an interest in privacy and data security issues—and to manage company participation in public events related to privacy and data security.

Task
5815

Work with External Affairs to respond to press and other inquiries with regard to concern over consumer and employee data.

Task
5816

Work with legal counsel and management, key departments and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.

Task
5817

Work with organization administration, legal counsel and other related parties to represent the organization’s information privacy interests with external parties, including government bodies, which undertake to adopt or amend privacy legislation, regulation or standard.

Task
5818

Work with organization senior management to establish an organization-wide Privacy Oversight Committee.

Task
5819

Work with the general counsel, external affairs and businesses to ensure both existing and new services comply with privacy and data security obligations.

Task
6100

Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.

Ability
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6910

Ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action.

Ability
6912

Ability to monitor advancements in information privacy laws to ensure organizational adaptation and compliance.

Ability
6913

Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.

Ability
6914

Ability to work across departments and business units to implement organization’s privacy principles and programs, and align privacy objectives with security objectives.

Ability
6916

Skill in creating policies that reflect the business’s core privacy objectives.

Skill

Additional KSATs

KSAT ID Description KSAT
9

Knowledge of applicable business processes and operations of customer organizations.

Knowledge
345

Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies.

Knowledge
524

Develop and maintain strategic plans.

Task
599

Evaluate contracts to ensure compliance with funding, legal, and program requirements.

Task
600

Evaluate cost benefit, economic, and risk analysis in decision making process.

Task
618A

Provide guidance on laws, regulations, policies, standards, or procedures to management, personnel, or clients.

Task
675

Interpret and apply laws, regulations, policies, standards, or procedures to specific issues.

Task
3055A

Ability to select the appropriate implant to achieve operational goals.

Ability
3098

Knowledge of virtualization products (Vmware, Virtual PC).

Knowledge
3637

Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).

Knowledge
3644

Knowledge of virtual machine technologies.

Knowledge
3654

Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what are their expectations.

Knowledge
3659

Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems.

Knowledge
3749

Ability to develop clear directions and instructional materials.

Ability
4116

Knowledge of transcript development processes and techniques (e.g., verbatim, gists, summaries).

Knowledge
4117

Knowledge of translation processes and techniques.

Knowledge
5775

Develop and apply corrective action procedures.

Task
5790

Liaise with regulatory and accrediting bodies.

Task
5814

Work with external affairs to develop relationships with regulators and other government officials responsible for privacy and data security issues.

Task
6110

Ability to develop, update, and/or maintain standard operating procedures (SOPs).

Ability
6911

Ability to develop or procure curriculum that speaks to the topic at the appropriate level for the target.

Ability
6915

Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).

Skill
6917

Skill in negotiating vendor agreements and evaluating vendor privacy practices.

Skill