What is a Privacy Program Business Case?
Think of the privacy business case as the field manual for a privacy program. It contains the essential instructions on how to create and operate the privacy program, and provides the program’s justification.
In the context of a privacy program, a privacy business case is an assessment of the privacy needs of an organization. It defines the individual program needs and the way to meet specific goals. It describes the organization's privacy guidance, defines privacy for the organization, identifies requirements of relevant laws and regulations, discusses needed technical controls, names external privacy organizations, describes privacy frameworks and privacy-enhancing technologies (PETs), sets forth the plan for education and awareness, and provides for program assurance.
A business case is the starting point for assessing the needs of the privacy organization. It defines the individual program needs and the ways to meet specific business goals, such as compliance with privacy laws or regulations, industry frameworks, customer requirements and other considerations.
A business case is part of what is needed to develop privacy policies, standards and guidelines: 1) Build a business case, 2) Do a gap analysis, 3) Review and monitor, 4) Communicate.