Data privacy and risk | Security Detail

Red Hat
29 Nov 2022 03:19

Summary

TLDR: Clarence Clayton, Senior Manager of the Global Privacy Team at Red Hat, discusses the interconnectedness of privacy, security, and risk in the business context. He compares risk management to a doctor’s visit, where assessments and checkups help identify and mitigate potential issues. Clayton emphasizes that while risks can be mitigated, they cannot always be eliminated. A holistic approach to compliance, involving all stakeholders in protecting personal data, is crucial for organizations. At Red Hat, this model ensures that privacy and compliance obligations are met effectively, despite the challenges involved.

Takeaways

  • 'Follow the money' in privacy becomes 'Follow the data' to manage privacy risks effectively.
  • Privacy, security, financial, legal, reputational, and supplier risks are all critical factors in assessing overall business risk.
  • Privacy and security have significant overlap, and both are essential to identifying and managing risk.
  • Data privacy and security intersect, and the point where they meet is where risk is most prevalent.
  • A privacy or risk antenna is a metaphor for the proactive steps needed to monitor and react to risks in a company.
  • Risk assessments, such as surveys and checklists, are tools used to identify potential privacy and security risks.
  • Just like a medical checkup, data privacy and risk management require regular assessments to ensure compliance and mitigate potential risks.
  • Risk management involves putting parameters in place to mitigate risk without compromising company operations.
  • Risks can often be mitigated but rarely completely eliminated, making vigilance essential in risk management.
  • At Red Hat, compliance with privacy obligations is approached holistically, involving every department and role in the organization.
  • Implementing an integrated compliance model can be challenging but provides significant long-term benefits.

Q & A

  • What is the main concept behind the phrase 'Follow the data'?

    - In the privacy world, 'Follow the data' emphasizes the importance of understanding and tracking how personal data is handled, similar to how 'Follow the money' is used in other contexts to trace the source of financial transactions.

  • What are the various types of risks mentioned in the script?

    - The script mentions several types of risks, including privacy risk, security risk, financial risk, legal risk, reputational risk, business risk, and supplier risk.

  • How does privacy intersect with security in risk management?

    - Privacy and security intersect in the way that data protection is managed. While privacy concerns the type of data being processed, security focuses on the steps taken to protect that data. The intersection of these two is where risk management comes into play.

  • What is Clarence Clayton's role at Red Hat?

    - Clarence Clayton is the Senior Manager of the Global Privacy Team at Red Hat, and he is responsible for overseeing privacy and risk management within the company.

  • How does Clarence Clayton identify potential risks in his company?

    - Rather than having a 'risk antenna,' Clarence uses surveys, questionnaires, and checklists that are filled out by employees to identify potential risks. These tools help the team detect issues that need attention.

  • Can you explain the metaphor Clarence uses to describe risk management?

    - Clarence compares risk management to a doctor's visit. Just as a doctor gathers medical history and performs a checkup to assess health, organizations must perform risk assessments to identify potential issues and develop solutions to mitigate them.

  • What is the key takeaway regarding how risk is managed in organizations?

    - Risk can often be mitigated but not completely eliminated. The goal is to implement safeguards that reduce risk to acceptable levels without exposing the company to unnecessary harm.

  • What approach does Red Hat take to ensure compliance?

    - Red Hat takes a holistic approach to compliance, meaning that they integrate privacy and risk management across all areas of the organization. This approach helps ensure that the company meets its compliance obligations effectively.

  • Why is implementing an integrated compliance model challenging?

    - Implementing an integrated compliance model is challenging because it requires coordination across various departments and a continuous focus on risk management. However, despite the challenges, the benefits of a unified approach are significant.

  • What is the ultimate goal of privacy and risk management in an organization?

    - The ultimate goal is to be vigilant about the privacy of customers and to manage risks in a way that protects both the organization and its stakeholders while ensuring compliance with legal and ethical standards.
