5.4 Flashcards
Compliance, privacy
5 consequences of noncompliance
Fines
Sanctions
Reputational damage
Loss of license
Contractual impacts (some business deals require a minimum level of compliance)
The ongoing process of internal efforts to ensure compliance in day-to-day operations
Compliance monitoring
The duty to act honestly and in good faith in internal activities (regulatory compliance)
Due care
The duty to act honestly and in good faith when vetting third parties and their activities (regulatory compliance)
Due diligence
The act of an executive signing off on formal compliance documentation. This person is then responsible if the documentation is incorrect.
Attestation and acknowledgement
Compliance monitoring can be ____ or ____.
Internal
External
The individual who the PII data is about
Data subject
The individual who is responsible for the data
Data owner
The entity who manages the purposes and means by which personal data is processed
Data controller
The entity who processes data on behalf of the data controller
Data processor
The right for data subjects to control how, when, and where their data is stored and processed, including the right to ask that their data be deleted.
Right to be forgotten
A listing of all managed data that the company stores and collects.
Includes the owner of the data, the update frequency, and the format of that data.
Data inventory
The act of using stored data for project collaboration, IT security, data quality checks, etc.
Internal use
The act of using stored data to share with a third party. This requires the company to carefully follow existing laws and regulations regarding data privacy.
External use