California Leads the nation with its new Privacy Mandated Requirements
Privacy Compliance Policy - Road Map For CIO's and CSO's -- Mandated privacy requirements are designed to protect the individual's privacy from unwarranted invasion, to make sure that personal information in possession of an entity is properly used, and to prevent any potential misuse of personal information in the possession of that entity. This policy establishes the processes and procedures, and assigns responsibilities, for fulfilling mandated privacy requirements.
Right to Privacy defined by California Law supports GDPR
The right to privacy has been defined in two major pieces of legislation: one for the EU (GDPR) and the other the California Privacy Act, which will take effect in 2020. (NOTE: We believe that other states will follow California's lead and enact additional privacy legislation.)
- The right to know what personal information is being collected about them.
- The right to know whether their personal information is sold or disclosed and to whom.
- The right to say no to the sale of personal information.
- The right to access their personal information.
- The right to equal service and price, even if they exercise their privacy rights.
This policy is easily modified and defines how to treat user data and what the rights of the users are. The template is 25 pages in length and complies with the new California Privacy Mandate, GDPR, Sarbanes-Oxley Section 404, ISO 27000 (17799), and HIPAA. The electronic Word form that is provided can be delivered electronically, completed via computer, and filed electronically.
The policy contains text that can be used immediately. For example:
General Policy Statement
The Chief Security Officer or delegate must approve all processing activities at ENTERPRISE associated with information (data) that falls within mandated privacy requirements. This information includes but is not limited to customer identification data, contact information, email addresses, social security numbers, credit card numbers, credit card expiration dates, security codes, passwords, customer names, customer numbers, ENTERPRISE proprietary data, and any other data (i.e. California Personal ID number).
This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve this information (e.g. on-line processing, outsourced to a third party, Internet, Intranet or swipe terminals).
All processing, storage and retrieval activities for this information must maintain the strict access control standards, and the Chief Security Officer mandates that these specific policies be followed.
Privacy Compliance Policy - U.S. and EU Mandated Requirements
Right to Privacy
- California Consumer Privacy Act of 2018
- Consumer’s Right to Know Information that Has Been Captured
- Consumer’s Right to Have Data Removed
- Consumer’s Right to Know How Data is Used
- Consumer’s Rights to Data That is Sold
- Consumer’s Rights to Stopping the Sale of Data
- Consumer’s Rights to Not be Discriminated Due to Opt Out
- Enterprise Reporting Requirements
- Enterprise Internet and WWW requirements
Why Data is Captured
- Asking for Consent
- Recording consent
- Managing consent
Third Party Data
Gramm-Leach-Bliley (Financial Services Modernization Act of 1999)
Massachusetts 201 CMR 17.00 Data Protection Requirements
User/Customer Sensitive Information and Privacy Bill of Rights
- Privacy Compliance Policy Agreement
- Version 1.0