Compliance and Ethical Behavior Flashcards
Complexity of laws and regulations that must be followed
- Federal law establishes a baseline
- State and local gov’t may establish laws that go above and beyond
- For orgs outside the country, find where the final word resides
- Org attorneys and HR professionals are the source of knowledge for TD professionals
A big risk to TD professionals is…
handling various kinds of information and inadvertently allowing the information to fall into the hands of someone who is not authorized to access it
4 Types of Information
- intellectual capital (such as employee expertise, organizational processes, or formulas)
- personally identifiable information (PII; such as employee contact information)
- patient information (such as health information)
- customer data (such as the size of orders or employee contact information)
To whom can mishandled information cause harm?
- the organization’s competitive advantage
- employees
- patients
- customers’ businesses or customer relationship
What does a TD professional need to know in order to handle information correctly?
- how the information is stored
- who has legitimate access
- how sensitivity is classified
- how acceptable usage policies are defined
GDPR (General Data Protection Regulation)
In effect since May 2018, GDPR is designed to harmonize data privacy laws across Europe, protect and empower all EU citizens’ data privacy, and reshape the way organizations approach data privacy.
Who does GDPR apply to?
GDPR applies only to companies that do business with customers in the EU; many apply it globally because of worldwide companies and relationships.
When might GDPR apply to a TD professional?
If they collect personal data from employees, including more transparency, stringent legal requirements for processing information, and increased accountability