IV - Process Oriented Strategies Flashcards
Supply (informing the individual)
Users should be informed of what information is being processed.
Notify (informing the individual)
Users should be notified if their personal data has been exposed in a breach, or when the org intends to use the data for a new purpose.
Explain (informing the individual)
Privacy notices should clearly explain why the data collection is necessary.
Consent (user control)
The org only processes information that has been freely given based on explicit and informed consent.
Choice (user control)
The org allows the individual to select or exclude the personal information that can be processed.
Update (user control)
The org provides a means by which the individual can keep their personal information accurate.
Retract (user control)
The org honours the individual's right to have any personal information removed in a timely manner.
Create (process and policy enforcement)
The org should create a privacy policy that describes how it will manage and protect personal information.
Maintain (process and policy enforcement)
Orgs should maintain established policies and processes to ensure consistency of privacy practices throughout the org.
Uphold (process and policy enforcement)
Orgs should treat personal information as an asset and privacy as a primary goal.
Log (demonstrate compliance)
Track all processing of data and review the logs for anything that might present a risk. Any deviations from standard processing procedures should be logged.
Audit (demonstrate compliance)
Audit logs to ensure that both logging and organizational activities are following established processes.
Report (demonstrate compliance)
Periodically create reports on tests, audits and logs and provide feedback to individuals responsible for those processes.