Sunday, November 19, 2017

Focus & Features:

Privacy has become a central theme of our times, and we, as individual citizens, all have a common interest in it. The heart of the matter is that we want the information we share about ourselves (private information that personally identifies us) to remain in good hands.

To help you become an effective Compliance Officer/Internal Auditor, the main objectives of this training are as follows:

  • Become familiar with the basic privacy principles, concepts and background
  • Understand why Privacy is important in enforcement activity, incident management and laws, rules and regulations
  • Understand your obligations when processing Personal Information
  • Develop a privacy compliance program for your company to ensure compliance with laws, rules and regulations.

Through team exercises, group discussions, case studies, and lectures, attendees will gain a foundation of knowledge that will allow Compliance Officers to properly prepare for building an effective privacy compliance program for the company and for Internal Auditors to conduct a successful audit. A basic understanding of the roles of risks and internal controls in data privacy will also be stressed, along with interpersonal and team-building skills.


What You Will Learn

Introduction to Privacy

  • Evolution of Privacy
  • Definition of Personal Information
  • Types of Personal Information
  • Privacy as a Process
  • Privacy Principles
  • Relationship of Information Security with Data Privacy
  • Influence on Data Privacy

Privacy Legal Framework

  • Development of Legal Mandates
  • Different Approaches to Privacy Laws Across the Globe
  • Understanding your Organization’s Legal Requirements
  • Gramm-Leach-Bliley Act
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Children’s Online Privacy Protection Act
  • Fair Credit Reporting Act
  • Introduction to General Data Protection Regulation (GDPR)
  • Introduction to Philippine Data Privacy Act
  • Evolution of Privacy

Define Organization’s Mission Statement, Objectives and Strategies

  • Develop a privacy mission statement and strategies
  • Develop Goals and Objectives
  • Define metrics to measure success
  • Prioritizing work based on risk

Assemble your Privacy Team

  • Determine the most effective structure
  • Create the right combination of experts
  • Offering career paths to your privacy team
  • Obtaining Professional Certification

Building a Policy Framework

  • Mapping data across the organization
  • Locating data about employees
  • Identifying customer data
  • Identifying client-owned data
  • Defining co-owned data
  • Establishing responsibility for data
  • Classifying data
  • Create your Privacy Statement or Policy
  • Keeping the Privacy Statement or Policy current

Training and Communication

  • Building the case for Education and Training
  • Developing Training
  • Delivering the Training
  • Extending training through Communications
  • Measuring and Communicating Training Results
  • Educating the Enterprise
  • Non-disclosure Agreements and Confidentiality Notices reinforce Privacy Training
  • Training for Global Management of Privacy

Operate the Privacy Compliance Program

  • Making It Happen: A Three-Step Cycle
  • Step 1: Assessing Current Privacy-Related Environment
  • Step 2: Addressing the Gaps and Improving the Program
  • Step 3: Monitoring and Compliance Auditing for Continued Success
  • Typical Tasks of a Privacy Office
  • Conducting Privacy Risk Assessments
  • Privacy Impact Assessments
  • Assessing Risks in Using Third Parties
  • Privacy-Related Legal Requirements for Third Parties
  • Managing Privacy Complaints
  • Developing an Incident Response Plan
  • Handling Data Breach Notification Process

Test and Improve the Privacy Compliance Program

  • Leveraging Internal Audits in Privacy Governance
  • Forging Relationships with Internal Auditors
  • Enabling Privacy Self-Assessments
  • Providing Compliance checklists for Self-Assessments
  • Conducting Business Unit Privacy Risk Assessments

Specific Provisions in accordance with Philippine Data Privacy Act (R.A. 10173)

  • Scope of Implementation
  • Definition of Key terms per Implementing Guidelines (IRR)
  • Rights of Data Subject
  • Security Measures
  • Penal Sanctions
  • Enforcement
  • Appointment of Data Protection Officer (DPO)
  • Key attributes and requirements of DPO
  • Registration of Data Processing Systems
  • Key attributes and requirements of data registration
  • Data Breach Notification Requirements

Case Studies

Seminar Conclusion

  • Plan for Action

Who Should Attend

The seminar is ideal for Data Protection Officers (DPO), Compliance Officers, Information Security Officers, and Internal Auditors.


Mr. Michael O. Cabatuando, CIA, CCSA, CPA, CRMA, MBA, CICA, CIPP/E

Senior Manager, Global Privacy Compliance

Johnson and Johnson


Schedule: 10 – 11 November 2017
 8:30 am – 5:00 pm

Venue: St. Giles Hotel, Makati Ave., Makati City


Seminar Investment: 

Member’s Rate: Php9,000

Non-Member’s Rate: Php12,000

No. of CPE Credits: 18*

* IIA Certifications

* BOA Accredited CPD Provider


Seminar Inclusions:

  • Seminar Kit
  • Certificate of Participation
  • AM & PM Snack, Buffet Lunch


How to Enroll:

  •  email at or fax to 325.0414
  • call us at 238-8888 loc 8962 and look for Sheena Malapitan or Thei Mendoza
  • Click here to register online