HCISPP

Course
Time
5 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:00
Hello again and welcome to the HCISPP certification course with Cybrary: Privacy Principles. My name is Schlaine Hutchins and I'm your instructor.
00:12
Today we're going to review some privacy principles that have influenced privacy laws and regulations. Well, why?
00:20
The consistent implementation and application of privacy principles enables organizations to effectively manage the data lifecycle of the data they maintain.
00:30
We will specifically cover general privacy principles, the OECD, GAPP,
00:37
PIPEDA and DPA.
00:42
Basic privacy principles include
00:46
consent or choice,
00:48
the principle that the individual has choice in how their data is used.
00:52
Limited collection,
00:54
or legitimate purpose,
00:56
or purpose specification,
00:58
is the principle that data is only collected for a specific purpose and not for any other reason.
01:04
Disclosure limitation, transfer to third parties, or transborder concerns
01:11
is the principle where disclosure is only for the purposes stated in any agreements with third parties or other entities.
01:19
Access limitation
01:22
is the principle that only those who require access should have access to the data.
01:27
Security
01:29
is the principle that the appropriate protections will be put in place to safeguard data.
01:34
Accuracy, completeness and quality
01:38
is the principle that aligns with the security principle of data integrity:
01:42
data will be complete, accurate and up to date.
01:51
The privacy principle of management, designation of privacy officer, supervisory authority, processing authorization, accountability
02:01
is the principle that there is a designated data controller or stakeholder, someone who's responsible for the protection of data.
02:10
Transparency and openness
02:13
is the principle that relates to ensuring that the information around the policies and procedures relating to the management of personal information is made readily available.
02:24
Proportionality,
02:27
use and retention,
02:29
use limitation
02:30
is the principle regarding guidelines around how data is handled when no longer required to fulfil the identified purposes.
02:39
Access and individual participation
02:44
is the principle around the rights of an individual regarding the existence, use and disclosure of their data.
02:52
Notice and purpose specification is the principle that provides notice about privacy policies and identifies the purposes for which the data is collected.
03:05
And additional measures for breach notification
03:07
is the principle around specifications for notification in the event of a data breach.
03:19
Now you may remember from the compliance video talking about the OECD as a compliance framework.
03:25
Here we're going to discuss the role the OECD has played in promoting respect for privacy as a fundamental value for the free flow of personal data across borders.
03:38
The OECD is a standard that is based on the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
03:49
These guidelines were the first set of privacy principles and contain five parts.
03:53
They are
03:55
part one,
03:58
the general definitions and the scope of the guidelines.
04:01
Part two covers the basic principles of application, which include, but are not limited to, collection,
04:10
data quality,
04:11
purpose, security,
04:13
individual participation and accountability.
04:16
Part three is the basic principles of international application,
04:21
and part four is the national implementation guidelines.
04:27
And part five is the guidelines for international cooperation.
04:35
Now, we talked before about GAPP, the Generally Accepted Privacy Principles. They provide criteria and related material for protecting the privacy of personal information that can be used by CPAs, or certified public accountants.
04:51
The GAPP standard defines the following 10 principles, which are very similar to and align with the overall privacy principles:
05:01
management,
05:02
meaning that the entity defines, documents, communicates and assigns accountability for its privacy policies and procedures.
05:11
Notice
05:12
is where the entity provides notice about its privacy policies and procedures
05:15
and identifies the purposes for which personal information is collected, used, retained and disclosed.
05:25
Choice and consent
05:27
is where the entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use and disclosure of the information.
05:39
Collection
05:40
is the principle where the entity collects personal information only for the purposes identified in the notice.
05:46
Use, retention and disposal
05:48
means the entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent.
06:01
Access is how the entity provides individuals with access to their personal information for review and update.
06:10
Disclosure to third parties is that the entity discloses personal information to third parties only for the purposes identified in the notice
06:19
and with the implicit or explicit consent of the individual.
06:24
Security for privacy is where the entity protects the personal information against unauthorized access, both physical and logical.
06:34
Quality
06:35
is that the entity maintains accurate, complete and relevant personal information for the purposes identified in the notice.
06:45
And monitoring and enforcement.
06:46
The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.
07:00
PIPEDA is the Canadian regulation for the protection of personal information.
07:05
It sets the ground rules for how private sector organizations collect, use or disclose personal information.
07:14
The law gives individuals the right to access and request correction of the personal information that companies may have collected about them.
07:23
In general, PIPEDA applies to organizations' commercial activities in all provinces, except organizations that collect, use or disclose personal information entirely within a province that has its own privacy laws.
07:39
All those laws really actually are very similar to the federal law.
07:48
DPA is the United Kingdom's Data Protection Act of 1998.
07:56
The Information Commissioner's Office is the UK's independent authority, set up to promote access to official information and protect personal information.
08:07
Unless they are exempt, every organization that processes personal information must be registered with the Information Commissioner's Office.
08:16
The DPA gives individuals the right to know what information is held about them and provides a framework to ensure that personal information is handled properly.
08:28
The act came into force on March 1st 2000 and covers personal data held on computers and in manual files. It also imposes restrictions on the transfer of data outside of the European Economic Area, which has particular implications
08:46
for placing materials on the Web.
08:50
The organization must comply with the eight data protection principles, which ensure that personal data is fairly and lawfully processed,
09:00
processed for limited purposes,
09:01
adequate, relevant and not excessive,
09:05
accurate and up to date,
09:07
not kept for longer than is necessary,
09:11
processed in line with the rights of the individuals,
09:15
secure,
09:16
and not transferred to other countries without adequate protection.
09:24
So what we discussed in this video were the general principles and standards that align with those principles.
09:31
Make sure to review the supplemental materials and flashcards
09:37
to go over these privacy principles and their definitions.
09:41
Join me for the next video, the relationship between security and privacy.

Up Next

HCISPP

The HCISPP certification course provides students with the knowledge and skills to successfully pass the certification test needed to become a healthcare information security and privacy practitioner. The course covers all seven domains included on the exam.

Instructed By

Schlaine Hutchins
Director, Information Security / Security Officer
Instructor