Privacy Audits

Chief Privacy Officers and others concerned with privacy in an organization worry about what they don't know. It's not the data you know about that will get you in trouble. In Chapter 16, we'll discuss resource mapping and specifically talk about how to create inventories of the data in your organization. Having these data maps is the first step to being able to perform privacy audits . Here are some of the privacy-related questions you might ask about the identity data in your organization:

Conducting privacy audits and collecting all of this information may seem like a lot of work, but ask yourself what it means if you don't know the answers to these questions. There's good news and bad news. The good news is that data maps are useful for more than just privacy, so you can balance the cost and effort with other benefits. The bad news is that it's hard to get anyone very excited about data. Applications are the stars of the IT world. In Chapter 16, we'll cover a strategy for moving your organization toward having a better understanding of what data it owns and getting answers to the preceding list of questions.