10: 5 Privacy and Compliance Flashcards
Jurisdiction of laws that can apply to organizations
Federal, State, Industry (worldwide)
PII
Personally Identifiable Information, info that can be traced back to an individual
PHI
Protected Health Information - Individually identifiable health records governed under HIPAA
GAPP
Generally Accepted Privacy Principles - outlines 10 components of data privacy that can help organizations develop their own privacy programs
Management
Organizations handling private info should have policies, procedures, and governance in place to protect privacy
Notice
Data subjects should receive notice that their info is being collected and used, as well as the organization's privacy policies and procedures
Choice and Consent
Organization should inform data subjects of their options regarding the data about them and obtain their consent
Collection
Organization should only collect information for disclosed purposes
Use, retention and disposal
Organization should only use information for disclosed purposes, retain it only as long as needed, and dispose of it securely
Access
Organizations should provide data subjects with the ability to review and update their information
Disclosure to Third Parties
Organizations should only share information with third parties if that sharing is consistent with the disclosed purposes
Security
Organization must secure private info against unauthorized access
Quality
Organization should take reasonable steps to ensure the private information is accurate, complete, and relevant
Monitoring and Enforcement
Organization should have a program in place to monitor compliance with its privacy policies and provide a dispute resolution mechanism
Data Breach Consequences
Reputational damage, identity theft, fines, intellectual property theft