Privacy Compliance Policy - Road Map For CIO's and CSO's
Privacy Compliance Policy meets new California Privacy and GDPR mandated requirements. It comes in MS WORD, PDF, and ePub formats - easy to modify
California Leads the nation with its new Privacy Mandated Requirements
Privacy Compliance Policy - Road Map For CIO's and CSO's -- Mandated privacy requirements are designed to protect the individual's privacy from unwarranted invasion, to make sure that personal information in possession of an entity is properly used, and to prevent any potential misuse of personal information in the possession of that entity. This policy establishes the processes and procedures, and assigns responsibilities, for fulfilling mandated privacy requirements.
Right to Privacy defined by California Law supports GDPR
The right to privacy has been defined in two major pieces of legislation – one for the EU (GDPR) and the other in the California Privacy Act, which will take effect in 2020. (NOTE: We believe that other states will follow California's lead and enact additional privacy legislation.)
- The right to know what personal information is being collected about them.
- The right to know whether their personal information is sold or disclosed and to whom.
- The right to say no to the sale of personal information.
- The right to access their personal information.
- The right to equal service and price, even if they exercise their privacy rights.
The policy contains text that can be used immediately. For example:
General Policy Statement
The Chief Security Officer or delegate must approve all processing activities at ENTERPRISE associated with information (data) that falls within mandated privacy requirements. This information includes but is not limited to customer identification data, contact information, email addresses, social security numbers, credit card numbers, credit card expiration dates, security codes, passwords, customer names, customer numbers, ENTERPRISE proprietary data, and any other data (i.e. California Personal ID number).
This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve this information (e.g. on-line processing, outsourced to a third party, Internet, Intranet or swipe terminals).
All processing, storage and retrieval activities for this information must maintain the strict access control standards, and the Chief Security Officer mandates that these specific policies be followed.
You can download the Table of Contents and some sample pages by clicking on the link below.