A Guide to Enterprise Privacy Program Development

Within organizations that manage large amounts of personal data, an enterprise privacy program is responsible for overseeing every aspect of the collection, management, use, and disclosure of personal information. The first step in developing enterprise privacy is the development of organizational policy based on legislative requirements, a process described in our approach to Electronic Health Record Policy Guidance. Guided by our Enterprise Privacy Program Model, we then work with our clients to define the essential components of an enterprise-wide privacy program capable of implementing this policy:

Privacy Program Definition
The definition of the privacy program and model: vision, strategy, and plan

Privacy Governance
Privacy governance across the enterprise through a governance framework, defined roles and responsibilities, privacy policy, risk management practices, and ideally a best practice library

Management of client consent and notifications, either directly or as a service provider to businesses and healthcare organizations

Ability to ensure compliance with laws and standards of practice through auditing and monitoring processes

Data Management
Data management lifecycle practices: collection, retention, use, and disclosure

Privacy Program Services
Definition and fulfillment of privacy services through a service catalogue, a service fulfillment and operational model, and service templates

Information Technology
Solution design, standardization, and controls: needs analysis, solution design, implementation, quality assurance, gating, and change controls

Physical Design and Network
Data transmission formats and encoding practices