No more tears for fears: your privacy program can rule the world

March is FinTech Privacy Month

The MPC Privacy Quadrant gives organizations clarity about their position in the data collection and processing space:

  • Volume of information dependence
  • Risks based on the industry
  • Consequences of negligence
  • Gaps between regulatory obligations and internal privacy practices
  • Gaps between what consumers and employees expect and the organization’s data handling practices

In a previous article[1] we identified several frameworks that are helpful in understanding and designing the privacy components of an organization’s unique privacy framework and program.

Where we found a disconnect was in the way the frameworks apply to an organization and to our MPC Privacy Quadrant.

The NIST Privacy Framework[1] was designed to address immediate (core) and long-term (target) needs. But it provides an additional element that is very useful and proves to be a stepping stone towards an assessment of privacy compliance maturity: Implementation Tiers.

As a risk-based framework, the NIST Privacy Framework[2] views the world through the enterprise risk management lens. It includes considerations of laws and regulations but also your entire organization’s risk: IT and business.

“Implementation Tiers support decision-making and communication about the sufficiency of organizational processes and resources to manage privacy risk” NIST Privacy Framework

This is where the MPC Practical Privacy Playbook (MPC P3) comes into play:

  • Just like the NIST Privacy Framework, it establishes a current state position
  • It assists organizations with the design of their own Privacy Framework in accordance with their culture, values, mission and sector
  • It helps small organizations leverage any Framework to build their own
  • It allows for a guided discovery of the CORE components of the privacy program
  • It makes use of implementation tiers without calling them out, through an established and tested methodology
  • It adds the concept of program maturity in combination with risk management capability maturity
  • It helps organizations move organically through implementation tiers and towards the Target privacy program

The most important feature of the MPC P3 methodology is that it pursues the design of a Privacy Framework and Program in alignment with the organization’s business goals and mission while respecting its values and culture.

For additional insights, certified expertise and a unique risk-based technology platform, and to download our Practical Privacy Playbook for subscription-based Privacy Anytime, Anywhere™ support:

Website: www.ManagedPrivacy.ca
Email: info@ManagedPrivacy.ca
Facebook: https://www.facebook.com/ManagedPrivacy
Twitter: @managedprivacy


[1] https://managedprivacy.ca/2021/01/05/where-does-your-company-belong-in-the-mpc-privacy-quadrant/

[2] https://www.nist.gov/privacy-framework/privacy-framework
