Ready to Start Your Career?

CISSP Study Guide: Organizational Privacy Policies

Cybrary's profile image

By: Cybrary

December 15, 2022

Organizations establish and disclose privacy policies outlining their approach to handling PII. These usually entail:

  • Statement of the organization’s commitment to privacy. The type of information the organization would collect. This could include names, addresses, credit card numbers, phone numbers, etc.
  • Retaining and using e-mail correspondence.
  • Information gathered through cookies and Web server logs and how that information is used.
  • How information is shared with affiliates and strategic partners.
  • Mechanisms to secure information transmissions, such as encryption and digital signatures.
  • Mechanisms to protect PII stored by the organization.
  • Procedures for review of the organization’s compliance with the privacy policy.
  • Evaluation of information protection practices.
  • Means for the user to access and correct PII held by the organization.
  • Rules for disclosing PII to outside parties.
  • Providing PII that is legally required.
Schedule Demo

Let's build your cybersecurity career together

Accelerate in your role, prepare for certifications, and develop cutting edge skills with the most in-demand training in the industry.

2,000+learning activities led by highly experienced cybersecurity professionals