Privacy Operational Life Cycle: Chapter 6 Protect: Policies

Question 1

Privacy policy

Answer 1

Governs the privacy goals and strategic direction of the orgs privacy office

Also known as the Privacy Notice

Question 2

Privacy policy goals

Answer 2

Explain to customers how the org handles PI

Explains to employees how the org handles PI

Describes steps for employee handling PI and responsibilities

Outline how personal data will be processed

Question 3

Privacy policy components

Answer 3

Purpose
Scope
Applicability
Roles and responsibilities
Compliance

Question 4

Policy vs Notice

Answer 4

Internal vs external

Question 5

Employee policy

Answer 5

Sections:
Issue/objective statement
Statements of the orgs position
Applicability
Roles and Responsibilities
Compliance
Points of contact

Question 6

Procurement: vendors

Answer 6

Identify vendors and their legal obligations

Evaluate risk, policies and server location

Develop a thorough contract

Monitor vendors practices and performance

Use a vendor policy

Question 7

Data retention

Answer 7

Determine what data is being retained, how and where stored

Understand legal requirements for data

Brainstorm scenarios that would require data retention

Estimate business impacts of retaining vs storing data

Develop and implement a policy

Question 8

Policy completion

Answer 8

Communicate to org
Awareness
Formal training
Policies apply to everyone in the org