Privacy in Practice: Establish and Operationalize a Holistic Data Privacy Program

Privacy is not just the right to be left alone, but also the right to autonomy, control, and access to your personal data. The employment of new technologies over the last three decades drives personal data to play an increasingly important role in our economies, societies, and everyday lives. Personal information has become an increasingly valuable commodity in the digital age.

At the same time, the abundance and persistence of personal data have elevated the risks to individuals' privacy. In the age of Big Data, the Internet of Things, Biometrics, and Artificial Intelligence, it is becoming increasingly difficult for individuals to fully comprehend, let alone control, how and for what purposes organizations collect, use, and disclose their personal information. Consumers are growing increasingly concerned about their privacy, making the need for strong privacy champions ever more acute.

With a veritable explosion of data breaches highlighted almost daily across the globe, and the introduction of heavy-handed privacy laws and regulatory frameworks, privacy has taken center stage for businesses. Businesses today are faced with increasing demands for privacy protections, ever-more complex regulations, and ongoing cybersecurity challenges that place heavy demands on scarce resources. Senior management and executives now acknowledge privacy as some of the biggest risks to the business.

Privacy, traditionally, has existed in a separate realm, resulting in an unintentional and problematic barrier drawn between the privacy team and the rest of the organization. With many regulatory frameworks to consider, building an all-encompassing data privacy program becomes increasingly challenging. Effective privacy protection is essential to maintaining consumer trust and enabling a robust and innovative digital economy in which individuals feel they may participate with confidence.

This book aims at helping organizations in establishing a unified, integrated, enterprise-wide privacy program. This book is aiming to help privacy leaders and professionals to bridge the privacy program and business strategies, transform legal terms and dead text to live and easy-to-understand essential requirements which organizations can easily implement, identify and prioritize privacy program gap initiatives and promote awareness and embed privacy into the everyday work of the agency and its staff.

隱私不僅是被單獨留下的權利，也是對個人數據的自主權、控制權和訪問權的權利。過去三十年來，新技術的應用使個人數據在我們的經濟、社會和日常生活中扮演著越來越重要的角色。在數字時代，個人信息已成為一種越來越有價值的商品。

與此同時，個人數據的豐富和持久性提高了對個人隱私的風險。在大數據、物聯網、生物識別和人工智能的時代，個人很難完全理解，更不用說控制組織如何以及出於何種目的收集、使用和披露他們的個人信息。消費者對隱私越來越關注，這使得對強有力的隱私倡導者的需求變得更加迫切。

隨著全球幾乎每天都有大量數據泄露事件的爆發，以及嚴格的隱私法律和監管框架的引入，隱私已成為企業的核心問題。當今企業面臨著對隱私保護的不斷增加的需求、越來越複雜的法規和持續的網絡安全挑戰，這對有限的資源提出了巨大的要求。高級管理層和高管現在認識到隱私是業務面臨的最大風險之一。

傳統上，隱私存在於一個獨立的領域，導致隱私團隊與組織其他部門之間存在無意識且問題重重的障礙。考慮到許多監管框架，建立一個全面的數據隱私計劃變得越來越具有挑戰性。有效的隱私保護對於維護消費者信任、實現強大而創新的數字經濟以及讓個人有信心參與其中至關重要。

本書旨在幫助組織建立一個統一、整合的企業級隱私計劃。本書旨在幫助隱私領導者和專業人士搭建隱私計劃和業務策略之間的橋樑，將法律術語和枯燥的文字轉化為生動易懂的基本要求，組織可以輕鬆實施，確定和優先處理隱私計劃的差距，並提高對隱私的意識，將隱私融入機構及其員工的日常工作中。

Mr. Alan Tang has extensive experience devoted to privacy and security practices. Dr. Tang specializes in establishing and operationalizing risk-based and actionable privacy frameworks and programs in alignment with global privacy laws, regulations, and standards such as GDPR, CCPA/CPRA, PIPEDA, PIPL, LGPD, GAPP, ISO 27701, and NIST PF, etc. He believes in simplifying, automating, and scaling privacy controls to enable business growth.

Dr. Tang has firsthand experience in implementing an enterprise-wide, unified privacy framework and program for a Fortune 50 international company. The privacy framework has been implemented in 50+ countries through three phases. He has a strong history of working with business leaders in a wide range of privacy-related domains such as privacy strategy and roadmap, PIA and DPIA, privacy policies and procedures, privacy-by-design in SDLC, data subject rights assurance, data retention, data disclosure and sharing, data cross-border transfer, data security protection, privacy awareness training, data breach handling, etc.

Dr. Tang holds a Ph.D. degree in Information Security and an MBA degree. Alan also holds numerous privacy and security designations including FIP, CIPP/E, CIPP/US/C, CIPM, CIPT, CISSP, CISA, PMP, and previously ISO27001LA and PCI DSS QSA.

Mr. Alan Tang先生在隱私和安全實踐方面擁有豐富的經驗。Tang博士專注於建立和運營基於風險的可行的隱私框架和計劃，以符合全球隱私法律、法規和標準，如GDPR、CCPA/CPRA、PIPEDA、PIPL、LGPD、GAPP、ISO 27701和NIST PF等。他相信通過簡化、自動化和擴展隱私控制來促進業務增長。

Tang博士在為一家財富50強國際公司實施企業級統一隱私框架和計劃方面擁有第一手經驗。該隱私框架已通過三個階段在50多個國家實施。他在各種與隱私相關的領域與業務領導者合作的歷史悠久，例如隱私戰略和路線圖、PIA和DPIA、隱私政策和程序、軟體開發生命週期中的隱私設計、數據主體權利保證、數據保留、數據披露和共享、跨境數據傳輸、數據安全保護、隱私意識培訓、數據洩露處理等。

Tang博士擁有信息安全博士學位和MBA學位。Alan還擁有多個隱私和安全專業資格，包括FIP、CIPP/E、CIPP/US/C、CIPM、CIPT、CISSP、CISA、PMP，以及之前的ISO27001LA和PCI DSS QSA。