Page 17 - Privacy_Program

PRIVACY LEADERSHIP [DP110]


        Scope: Enterprise
        Distribution: Executive Leadership Team, Director of Information Technology, Privacy and Data Security
        Purpose: To define privacy leadership responsibilities in the organization.
        External Regulation or Standard: GAPP Principle 1: Management, Minnesota Government Data Practices Act (MGDPA) and Health
        Information Portability and Accountability Act (HIPAA)


        Who is Responsible        Statement   Policy, Standard, or Procedure Statement
                                  Number

        Executive Team            DP110.1     The organization's Executive Leadership Team and any others it appoints may
                                              function as the Privacy and Data Privacy Steering Committee.

        Executive Team            DP110.2     The Privacy and Data Privacy Steering Committee shall determine the level of
                                              risk the organization is willing to accept with regard to its information privacy.
                                              It will normally determine this level through the privacy policies and
                                              expenditures it approves and does not approve.

        Executive Team            DP110.3     The Privacy and Data Security Steering Committee shall meet at least annually,
                                              and as needed.

        Director of Information   DP110.5     The Director of Information Technology, Privacy and Data Security shall be
        Technology, Privacy and               responsible for implementing the direction of the Security Steering Committee,
        Data Security                         including:

        Director of Information   DP110.5a    Maintaining and enforcing privacy policies and proposing new policies as
        Technology, Privacy and               defined in DP111 – PRIVACY POLICIES;
        Data Security

        Director of Information   DP110.5b    Developing, implementing, and enforcing privacy standards and procedures;
        Technology, Privacy and
        Data Security

        Director of Information   DP110.5c    Identifying data privacy obligations of the organization;
        Technology, Privacy and
        Data Security

        Director of Information   DP110.5d    Managing the organization’s privacy training and awareness program as
        Technology, Privacy and               specified in DP121 – PRIVACY TRAINING AND AWARENESS;
        Data Security

        Director of Information   DP110.5e    Managing the organization’s contracts with outside providers of privacy‐related
        Technology, Privacy and               services;
        Data Security

        Director of Information   DP110.5f    Managing the organization's response to suspected privacy incidents; and
        Technology, Privacy and
        Data Security







         GES CONFIDENTIAL                                                                                    17