Protecting valuable information assets, including personal data about employees, students, customers, and medical patients, is an enterprise-wide responsibility. Like all components of good corporate governance, it begins with senior leadership establishing a culture of awareness about the importance of safeguarding these assets, and extends through coordinated actions among all business units, divisions, and departments. When creating data privacy programs, organizations should align them with their strategic enterprise risk management objectives and follow a top-down approach to achieve the greatest benefit. This presentation will focus on a practical approach to data privacy, that seeks to understand the business needs for data and align a data privacy protection program to those needs. Effective programs prevent companies from ending up in the news, disclosing a data loss, by enabling its employees to stay vigilant for situations where data may be at risk. Topics to be discussed include: * The Goals of an Effective Data Privacy Program * Current Data Privacy Landscape * Common Privacy Program Pitfalls * Key Components of a Successful Data Privacy Program * The Top Down Data Privacy Risk Assessment * Data Privacy Roles and Responsibilities * High Level Roadmap and Ideas to Consider for Future Strategy