Magna advocates the consideration of a stage gate approach as a design principle in a privacy program. We believe that the requirements in Condition 1 of the Act emphasise the accountability role of the Executive. Our methodology therefore makes provision for oversight and decision making by business executives during project execution.
The following design principles should be accommodated in any privacy program.
- Principle 1: Privacy data should be managed in accordance with acceptable data management principles. This is necessary to give effect to the specifications of data definition, quality and completeness of data, etc. in the Act.
- Principle 2: A privacy culture and the supporting privacy values need to be established as part of an implementation program. This gives effect to the understanding, acceptance, internalisation and the required behaviour of employees.
- Principle 3: Executive accountability and oversight require an appropriate risk framework for privacy compliance. Decisions regarding privacy compliance should always be risk-based.
- Principle 4: A compliance implementation approach accommodating interdisciplinary teams from all business functions and subject matter expertise must be followed.