Hello again and welcome to the HCISPP certification course with Cybrary: Privacy Principles. My name is Shalane Hutchins and I'm your instructor.
Today we're going to review some privacy principles that have influenced privacy laws and regulations. Well, why?
The consistent implementation and application of privacy principles enables organizations to effectively manage the data lifecycle of data they maintain.
We will cover specifically general privacy principles. The OECD, yeah,
Basic privacy principles include
the principle that the individual has choice in how their data is used,
or legitimate purpose
or purpose specifications
is the principle that data is only collected for a specific purpose and not for any other reason.
Disclosure limitation, transfer to third parties, or transborder concerns
is the principle where disclosure is only for the purposes stated in any agreements with third parties or other entities.
is the principle that only those who require access should have access to the data.
is the principle that the appropriate protections will be put in place to safeguard data
Accuracy, completeness and quality
is the principle that aligns with the security principle of data integrity:
data will be complete and accurate and up to date.
The privacy principle of management, designation of privacy officer, supervisory authority, processing authorization, accountability
is the principle that there is a designated data controller or stakeholder, someone who's responsible for protection of data.
Transparency and openness
is the principle that relates to ensuring that the information around the policies and procedures are made readily available relating to the management of personal information.
is the principle regarding guidelines around how data is handled when no longer required to fulfill the identified purposes.
Access and individual participation
is the principle around the rights of an individual regarding the existence, use and disclosure of their data
Notice and purpose specification is the principle that provides notice about privacy policies and identifies the purposes for which the data is collected.
And additional measures for breach notification
is the principle around specifications for notification in the event of a data breach.
Now you may remember from the compliance video talking about the OECD as a compliance framework.
Here, we're going to discuss the role the OECD has played in promoting respect for privacy as a fundamental value for the free flow of personal data across borders.
The OECD is a standard that is based on the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
These guidelines were the first set of privacy principles and contain five parts.
the general definitions in the scope of the guidelines.
Part two covers the basic principle of application that includes, but is not limited to, collection
individual participation and accountability.
Part three are the basic principles of international application,
and part four is the national implementation guidelines.
And part five are the guidelines for international cooperation.
Now, we talked before about GAPP, the Generally Accepted Privacy Principles. They provide criteria and related material for protecting the privacy of personal information that could be used by CPAs, or certified public accountants.
The GAPP standard defines the following 10 principles, which are very similar and align with the overall privacy principles,
meaning that the entity defines, documents, communicates and assigns accountability for its privacy policies and procedures.
is where the entity provides notice about its privacy policies and procedures
and identifies the purposes for which personal information is collected, used, retained and disclosed.
is the description of choices available to the individual and obtains implicit or explicit consent with respect to the collection, use and disclosure of the information.
is the principle where the entity collects personal information only for the purposes identified in the notice.
Use, retention and disposal
means the entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent.
Access is how the entity provides individuals with access to their personal information for review and update.
Disclosure to third parties is that the entity discloses personal information to third parties only for the purposes identified in the notice
and with the implicit or explicit consent of the individual.
Security for privacy is where the entity protects the personal information against unauthorized access, both physical and logical.
is that the entity maintains accurate, complete and relevant personal information for the purposes identified in the notice.
And monitoring and enforcement:
the entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.
PIPEDA is the Canadian regulation for protection of personal information.
It sets the ground rules for how private sector organizations collect, use or disclose personal information.
The law gives individuals the right to access and request correction to the personal information that companies may have collected about them
In general, PIPEDA applies to organizations' commercial activities in all provinces, except organizations that collect, use or disclose personal information entirely within a province that has its own privacy laws.
All those laws really actually are very similar to the federal law.
DPA is the United Kingdom's Data Protection Act of 1998.
The Information Commissioner's Office is the UK's independent authority, set up to promote access to official information and protect personal information.
Unless they are exempt, every organization that processes personal information must be registered with the Information Commissioner's Office.
The DPA gives individuals the right to know what information is held about them and provides a framework to ensure the personal information is handled properly.
The act came into force on March 1st, 2000 and covers personal data held on computers and in manual files. It also imposes restrictions on the transfer of data outside of the European Economic Area, which has particular implications
for placing materials on the Web.
The organization must comply with the eight data protection principles, which ensure that personal data is fairly and lawfully processed,
processed for limited purposes,
adequate, relevant and not excessive,
accurate and up to date,
not kept for longer than is necessary,
processed in line with the rights of the individuals,
and not transferred to other countries without adequate protection.
So what we discussed in this video were the general principles and standards that align with those principles.
Make sure to review the supplemental materials and flash cards
to go over these privacy principles and their definitions.
Join me for the next video: the relationship between security and privacy.