An organization is establishing a mission statement for its privacy program. Which of the following statements would be the best to use?
A.
This privacy program encourages cross-organizational collaboration which will stop all data breaches
B.
Our organization was founded in 2054 to reduce the chance of a future disaster like the one that occurred ten years ago. All individuals from our area of the country should be concerned about a future disaster. However, with our privacy program, they should not be concerned about the misuse of their information.
C.
The goal of the privacy program is to protect the privacy of all individuals who support our organization. To meet this goal, we must work to comply with all applicable privacy laws.
D.
In the next 20 years, our privacy program should be able to eliminate 80% of our current breaches. To do this, everyone in our organization must complete our annual privacy training course and all personally identifiable information must be inventoried.
An organization’s mission statement for its privacy program should be concise, clear, and realistic. It should communicate the purpose and scope of the program, as well as the values and principles that guide it. It should also reflect the organization’s culture and identity, and align with its strategic objectives. Out of the four options, statement C is the best one to use because it expresses the goal of protecting the privacy of all individuals who support the organization, and acknowledges the need to comply with all applicable privacy laws. The other statements are either too vague, too specific, too ambitious, or too irrelevant for a mission statement. References: IAPP CIPM Study Guide, page 18.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit