Fair Information Practices: Implementing In Businesses
This presentation provides an overview of how businesses will need to adapt to requirements that would come about if an Omnibus Privacy Law was passed in the United States. It highlights the business processes that will need to be implemented in order to comply with the Fair Information Practices on which such a law would be based.

This is the second of three presentations on this topic.
Presentation Transcript

  • Fair Information Practices Business Process Requirements for Compliance
    • Thank you for checking out this presentation on SlideShare
    • This presentation provides an overview of how businesses will need to adapt to requirements that would come about if an Omnibus Privacy Law was passed in the United States. It highlights the business processes that will need to be implemented in order to comply with the Fair Information Practices on which such a law would be based.
    • This is the second of three presentations on this topic
    Presentation Overview
    For more presentations visit: http://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • Agenda
    • Introduction
    • Meeting Compliance with Practices
    • Audit Considerations
    • Conclusion
    • Questions
  • Introduction
    • The Fair Information Practices provide a framework of concepts which will allow your organization to safeguard the private information of your employees and customers
    • The new omnibus law will help simplify the confusion resulting from variations in current sectoral privacy laws
    • These practices are already common in other parts of the world; by complying with the new US laws you will also simplify many of your cross-border business processes
    • Failure to understand and comply with the new laws may result in fines or other enforcement action
  • Collection Limitation
    • While traditionally an organization wanted to maximize its knowledge of an individual, this principle requires you to minimize your collected records to specific purposes
    • Forms must be limited only to necessary information; for example, an online account creation form should not ask about average income unless it is directly related to the service being provided
    • Information is only collected into systems where it can be accounted for and monitored. Customer information is collected through a specific form
    • Remember, usage of private information is opt-in, not opt-out. Consent is required for any data collection
  • Data Quality
    • Information should be relevant to the stated collection purpose and should be accurate and up-to-date
    • It is your obligation to keep records updated through internal auditing and interaction with the customers; using inaccurate information can lead to poor decision making and harm to your organization or individuals
    • You must create procedures for making sure that information is as accurate and timely as needed
    • You should provide easy mechanisms for users to update information as necessary between planned updates
  • Purpose Specification
    • You are responsible to disclose why you collect the personal information of any individual
    • Your privacy policies should explicitly state the purpose and need for the collection of specific information
    • Full disclosure is also required should your policies or terms change; “silent” updates to policies are no longer acceptable
    • Internal users must understand the specific purpose and should not use data beyond its original consented purpose
    • The purpose of collection should be reviewed, and information should be removed if that purpose is no longer necessary
  • Use Limitation
    • If information is collected for some purpose, it cannot simply be used for another process out of convenience
    • Individuals must agree to secondary usage ahead of time
    • Your organization must have an information disposal policy in order to ensure that information cannot accidentally be used beyond its initial purpose
    • Implement physical or technological access controls in order to limit when and by whom information can be accessed
  • Security Safeguards
    • Data must be secured both physically and technologically
    • Individual information sets may require different safeguards and varying levels of protection
    • The safeguards you implement must provide discrete access that can later be audited; for example, individual user accounts and physical sign-in sheets
    • If a safeguard is breached, you are responsible to notify customers about the incident
    • Personal information is stored and transmitted using secure connections and media
  • Openness
    • Your organization’s privacy policies and practices must be public knowledge and individuals should easily be able to learn about how you use personal information
    • It should not be difficult to find this information, and it should be written in a clear and understandable manner
    • You must provide a contact point for individuals to ask questions or seek clarifications
    • Privacy terms, conditions, policies, and usage statements must easily be obtainable by users for review
  • Individual Participation
    • Individuals have the right to know what information you store about them and to access this information.
    • Individuals also have the right to request correction and can challenge any denial of the above rights
    • You should not make it difficult to obtain information, and you should provide the information in a useful and readable manner
    • You should make it easy for individuals to file corrections and should record any disagreements not changed
  • Accountability
    • Your organization is responsible to follow the other practices outlined above. You can be held responsible for failures to safeguard personal information
    • Because you are accountable, you must regularly review and revise your practices to ensure privacy protection
    • It is important to remember that under the omnibus law, ALL private data is protected, not a specific subset of data
    • If your organization is large enough, you should appoint a specific individual or group to monitor and manage your organization’s privacy practices and policies
  • Audit Considerations
    • Must be able to provide policy statements and documentation on procedures for auditor review
    • Should have clear documentation about the purpose and usage of all personal data collections
    • Must be able to demonstrate physical and technical protections of information and access controls
    • You should log when and by whom all information is collected, used, modified, and deleted
    • Take a walk in your customers’ shoes to ensure that all practices are in their favor and that they can in fact easily access or correct data, and find and understand policies
  • Conclusions
    • You are responsible to ensure that both your system and employees follow the Fair Information Practices
    • An individual must opt-in to the collection of personal information and must be informed of how it will be used and how your organization’s privacy policies affect him
    • Information collection should be minimized and relegated to the specific purpose for which consent was given
    • Information must be accurate and timely, and procedures must exist to correct or challenge this information
    • If you handle private information, you are accountable for its usage and safety, as well as maintenance or disposal
  • Questions
    • Floor is open to questions
  • References
    • The reference list for this presentation is shared among multiple presentations; please see the full article for this presentation, available at http://www.ericgoldman.name