Practical Guide to Privacy & Security for Retailers

Retailers face growing risk as more and more of their operations move online. The risks are legal, reputational, operational and financial, and they include data breaches. In this report you will learn about:

  1. Boards, Executives, and Privacy Compliance Obligations
  2. What You as a Director Can Do
  3. FTC and Canadian Privacy Obligations
  4. An Implementation Checklist
  5. Detailed Recommendations on :
    1. New Technologies and Consumer Data Protection
    2. In-store tracking
    3. Internet of Things
    4. Mobile Apps
    5. Behavioural Advertising
    6. Hacking and Phishing Threats
  6. HR issues: Legal Privacy Obligations, Relevant Federal Law, Anti-discrimination, Background Checks, Workplace Monitoring, Post-employment Access Issues
  7. Relevant State and Provincial Law, Tort Law, and Contract Law requirements

Download this guide to learn more about how to prevent a potential attack on Retail Data. In recent years, news of massive data breaches has become almost commonplace. Major retailers such as Target and Home Depot have been targeted; so too have hospitals, universities, and both the US Internal Revenue Service and Canada Revenue Agency. We are witnessing an unprecedented increase in cyber attacks. Privacy and information security have never been more important, yet it is clear that many companies are struggling to keep up with new technological issues and legal requirements.

For retailers, compliance is a vital aspect of corporate governance. Traditionally, “security” has meant securing store locations and computers. Now, it also means securing personal data online. Corporate compliance – meeting regulatory requirements for privacy and security – is an equally important aspect of corporate governance.

Audience:

This report is ideal for CISOs, security, compliance and risk management officers, IT administrators and other professionals concerned with information security. It is also written for IT decision-makers in the retail industry who need to implement strong authentication, and for those evaluating two-factor authentication solutions for retail organizations.

Download our guide today for a detailed overview of the retail industry's current state of security, and recommendations on safeguarding customer financial information.

An Enterprise Legal Reference Model

We have developed an enterprise reference model used to conceptualize enterprise elements. The model suggests three planes:

  1. Subject and role-grouping plane: In this plane, subjects are grouped into roles. A role carries its members' access rights to the processes and activities of the middle plane.
  2. Process and activity plane: Here, processes are organized in a hierarchy whose nodes include activity graphs.
  3. Object plane or data plane: This is the plane of data object identifiers. Objects enclose data.
[Figure: Governance Analysis Method - Enterprise Reference Model]

The three planes are connected by mappings: from the subject plane to the process plane, and from the process plane to the object plane. A mapping represents a logical association, usually a right of access to a process, or the act of operating on an object to complete a process. Our method focuses on the top two layers of the reference model, namely the subject and process layers.

The layers can be described as follows:

Subject plane

The subject plane includes the user groups and their roles. In enterprise governance requirements, a user or a group of users (a role) can be the subject of legal requirements. For example, the privacy or financial officer is a role defined by laws such as PIPEDA and Sarbanes-Oxley (SOX). Role formations are not mandatory, but they are almost pervasive in enterprise definitions. There are numerous references in legal requirements to role groupings.

Process plane

The process plane defines the process workflow. The workflow implements process requirements, that is, requirements that specify how processes are composed and the precedence relations between their activities. The process plane acts as the intermediary between the subject and object planes: it is where processes are mapped to the object layer. The two mappings together define an explicit "reachability" relation from users, through activities, to objects. Semantically, a relation between an activity and an object means that the activity has access to that object. Because the mapping between activities and objects is strict, we treat access to an activity as equivalent to access to the objects it operates on. Note that this equivalence is what makes reachability meaningful for review: any subject who can enter a process can, transitively, reach every object touched by the activities beneath it.

Object plane

The object plane consists of object references. A reference may also point to a composite object, in which case reaching the composite means reaching its parts.
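The following is an added illustration of the three-plane model, not code from the report or its authors. It encodes a constructed retail example (a checkout process, a breach-response process, and three roles; all names are assumptions) and computes the reachability relation described above: subject to role, role to process, process hierarchy expanded to leaf activities, activity to object. The reverse query is the part a reviewer actually wants: which subjects can reach a sensitive object, and who reaches it without holding a role that is supposed to. It also generalizes the text slightly by walking the process hierarchy transitively, so that a role admitted to a top-level process is shown to reach everything beneath it.

```python
"""Reachability analysis over the subject / process / object planes.

Added illustrative code, not the report's own model or tooling.  All
roles, processes, activities and objects are constructed sample data.
"""
from collections import deque

# Subject plane: subjects grouped into roles (constructed sample data)
ROLE_MEMBERS = {
    "privacy_officer": {"alice"},
    "store_clerk": {"bob", "carol"},
    "payments_analyst": {"dave"},
}

# Process plane: each process lists its sub-processes / activities.
# A name that is not a key here is a leaf activity.
PROCESS_TREE = {
    "checkout": ["scan_items", "take_payment"],
    "take_payment": ["authorize_card", "store_receipt"],
    "breach_response": ["pull_access_logs", "notify_regulator"],
}

# Subject -> process mapping: processes/activities a role may enter
ROLE_ACCESS = {
    "store_clerk": {"checkout"},
    "payments_analyst": {"authorize_card"},
    "privacy_officer": {"breach_response"},
}

# Process -> object mapping: data objects each leaf activity operates on
ACTIVITY_OBJECTS = {
    "scan_items": {"inventory_db"},
    "authorize_card": {"card_pan", "card_expiry"},
    "store_receipt": {"receipt_store"},
    "pull_access_logs": {"access_logs", "customer_pii"},
    "notify_regulator": {"breach_report"},
}


def expand(process):
    """Return every leaf activity under a process node (itself, if a leaf)."""
    leaves, todo, seen = set(), deque([process]), set()
    while todo:
        node = todo.popleft()
        if node in seen:          # guard against cycles in a malformed tree
            continue
        seen.add(node)
        children = PROCESS_TREE.get(node)
        if children:
            todo.extend(children)
        else:
            leaves.add(node)
    return leaves


def activities_for_role(role):
    """All leaf activities a role can reach through its process entry points."""
    acts = set()
    for entry in ROLE_ACCESS.get(role, ()):
        acts |= expand(entry)
    return acts


def objects_for_subject(subject):
    """The reachability relation: objects a subject reaches via every role it holds."""
    objs = set()
    for role, members in ROLE_MEMBERS.items():
        if subject in members:
            for act in activities_for_role(role):
                objs |= ACTIVITY_OBJECTS.get(act, set())
    return objs


def subjects_reaching(obj):
    """Reverse query: every subject that can reach a given object."""
    all_subjects = set().union(*ROLE_MEMBERS.values())
    return {s for s in all_subjects if obj in objects_for_subject(s)}


def least_privilege_violations(obj, permitted_roles):
    """Subjects that reach obj without holding any of the permitted roles."""
    permitted = set().union(*(ROLE_MEMBERS[r] for r in permitted_roles))
    return subjects_reaching(obj) - permitted


if __name__ == "__main__":
    # Store clerks reach card_pan via checkout -> take_payment -> authorize_card,
    # which the hierarchy walk surfaces even though no clerk was granted it directly.
    print(sorted(objects_for_subject("bob")))
    print(sorted(least_privilege_violations("card_pan", {"payments_analyst"})))
```

The finding the sample data is built to show is that granting a role a top-level process silently grants every object beneath it; a review of the subject and process planes alone would miss that the clerk role reaches card data, which is why the object mapping has to be carried through to the leaves before reachability is judged.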

What is Legal Compliance?

A set of enterprise requirements is considered compliant with the law if the requirements are legally consistent with the law (no requirement contradicts a legal obligation) and legally complete with respect to it (every applicable legal obligation is covered by some requirement).

[Figure: Legal Compliance is about Legal Consistency & Completeness]

The figure above shows the proposed methods for consistency and completeness checking. The square boxes represent the methods, which we have partially presented in the previous post: model consistency check, scenario check, ontology check, and coverage check.