Solution:-
Encrypting information before sending it over the Internet
creates what is called a Virtual Private Network (VPN). It is
especially important to encrypt any sensitive information stored in
laptops, personal digital assistants (PDAs), cell phones and other
portable devices.
It is also important to control access to system outputs.
Useful control procedures for doing so include the
following:
- Do not allow visitors to roam through buildings without
supervision, to prevent them from seeing sensitive information on
workstation displays or picking up and reading printed
reports.
- Require employees to log out of any applications prior to
leaving their workstation unattended.
- Restrict access to rooms housing printers and fax machines.
- Code reports to reflect the importance of the information
contained therein, and train employees to not leave reports
containing sensitive information in plain view on their desktops
when they are not physically present.
Ten internationally recognized best practices for protecting the
privacy of customers’ personal information:
- Management:- The
organization establishes a set of procedures and policies
for protecting the privacy of personal information it collects and
assigns responsibility and accountability for those policies to a
specific person or group of employees.
- Notice:- The
organization provides notice about its privacy policies and
practices at or before the time it collects personal information
from customers, or as soon as practicable thereafter.
- Choice and Consent:- The organization describes the choices available
to individuals and obtains their consent to the collection and use
of their personal information.
- Collection:- The
organization collects only that information needed to fulfill the
purposes stated in its privacy policies.
- Use and Retention:- The organization uses its customers’ personal
information only in the manner described in its stated privacy
policies and retains that information only as long as it is
needed.
- Access:- The
organization provides individuals with the ability to access,
review, correct, and delete the personal information stored about
them.
- Disclosure to Third Parties:- The organization discloses customers’ personal
privacy policies and only to third parties who provide equivalent
protection of that information.
- Security:- The
organization takes reasonable steps to protect customers’ personal
information from loss or unauthorized disclosure.
- Quality:- The
organization maintains the integrity of its customers’ personal
information.
- Monitoring and Enforcement:- The organization assigns one or more
employees to be responsible for assuring compliance with its stated
privacy policies and periodically verifies compliance with those
policies.