Chapter 4: Information Management and Privacy Risk Management
Privacy Operational Life Cycle - Assess, Protect, Sustain, Respond
The privacy operational life cycle continuously improves the program through four stages: assess, protect, sustain, and respond. Together they run from baselining and controls through training to incident and consumer-rights response.
| Stage | Key activities |
|---|---|
| Assess | Document the baseline; evaluate processors and third parties; identify operational risks; document the assessment |
| Protect | Review access and technical controls; review incident response plan; integrate privacy into functional areas (e.g., HR) |
| Sustain | Monitor compliance and regulatory changes; audit policies/standards; conduct employee, management, and contractor training |
| Respond | Support consumer rights (access, redress, correction, erasure); address complaints and appeals; handle privacy incidents |
Memory hook
A-P-S-R: Assess (baseline), Protect (controls), Sustain (training/monitoring), Respond (rights and incidents).
Key terms - quick answers
What is “Privacy operational life cycle”?
A continuous-improvement model with four stages - assess, protect, sustain, and respond - for refining the privacy program.