A Policy is Not Enough: 7 Steps Organizations Can Take

In A Policy is Not Enough, Ontario’s Information and Privacy Commissioner Ann Cavoukian outlines seven steps organizations should consider implementing to effectively translate privacy policies into privacy practices.

• Implement a privacy policy that reflects the privacy needs and risks of the organization, and consider conducting an effective Privacy Impact Assessment.

• Link each requirement within the policy to a concrete, actionable item: operational processes, controls and/or procedures, translating each policy item into a specific practice that must be executed.

• Demonstrate how each practice item will actually be implemented.

• Develop and conduct privacy education and awareness training programs to ensure all employees understand the policies and practices required, as well as the obligations they impose.

• Designate a central go-to person for privacy-related queries within the organization.

• Verify both the employee and organizational execution of privacy policies and operational processes and procedures.

• Proactively prepare for a potential privacy breach by establishing a data breach protocol to effectively manage a breach.
