Wednesday, June 18, 2008

How to safeguard our personal and financial data.

Personal Data
There are steps you can take to minimize the risk of data loss. Responding to a call to action from the Federal Trade Commission for all major trade associations to address the security of data, the Direct Marketing Association approved security guidelines for its members. All members must follow four specific ethical guidelines to keep information about consumers secure.
Step 1. Have a Security Policy.
Establish information security policies and practices to ensure the uninterrupted security of information systems.
Step 2. Train and Supervise for Security.
Institute vigorous training and oversight of your designated security team. But don’t stop there. Any other employee or contract worker with even occasional access to personally identifiable information must be trained and supervised.
Step 3. Use Available Technology to Guard Personal Data.
Written policies and training go far, but not far enough. Construct structural and technological walls to contain personal information and run tests to ensure that the system works. Make contingency plans.
Step 4. Inform Data Suppliers and Business Partners of their Responsibilities to Meet Your Security Specifications.
The information chain is only as strong as its weakest link. Make sure that personal data in your care are “tagged” and “fenced” when they enter your database, while they are in storage and once they leave. Permit no information transfers without first requiring business partners to meet your security standards.
Financial Data
A new ISO standard will help to safeguard the privacy of people's financial data when it is processed by automated, networked information systems.
ISO 22307:2008, Financial services – Privacy impact assessment, defines a methodology to help organizations in private and public sectors identify privacy issues and mitigate risks associated with processing the financial data of customers and consumers, business partners and citizens.
“One way of proactively addressing privacy principles and practices is to follow a standardized privacy impact assessment process for a proposed financial system, such as the one recommended in ISO 22307.”
The standard describes the privacy impact assessment (PIA) which should be carried out at an early stage in the development of a proposed financial system. As well as helping to identify optimal privacy options and solutions, it provides a way to ensure that the system complies with applicable laws and regulations governing customer and consumer privacy.
It is a tool that, when used effectively, can identify risks associated with privacy and help organizations plan to mitigate those risks. ISO 22307:
- describes the PIA process in general,
- defines the common and required components of a privacy impact assessment, regardless of the business systems affecting financial institutions, and
- provides informative guidance, including frequently asked questions (FAQs) on PIAs and their implementation, together with a number of questionnaires designed to help users assess their needs and develop an effective PIA.

Bearing in mind that the legal framework for privacy protection differs from country to country, this internationally agreed standard on privacy impact assessments is an important step forward. The internationalization of PIAs is critical for global banking and, in particular, for cross-border financial transactions.
