Compliance Checklist for Privacy & Data Security Laws

In devising procedures for compliance with applicable privacy- and data security-related laws and regulations, the following transaction checklist may be helpful:

  1. Determine the scope of the laws and regulations applicable to the company, including whether the business activities of the company require collection of information from consumers and/or fall within specialized regulated areas such as financial services or health care;
  2. Review the steps that should be followed in order to develop a privacy and data security compliance program;
  3. Designate a chief privacy officer and invest sufficient resources to staff a privacy compliance unit and procure the necessary technology to implement an effective privacy and data security program;
  4. Consult applicable laws and regulations to develop a definition of the nonpublic personal information that must be covered by the company’s privacy and data security compliance program;
  5. Conduct an assessment of the information previously collected by the company and the current and projected collection activities of the company to create an inventory of where nonpublic personal information is collected, used, stored and transferred;
  6. Prepare and implement privacy-related policies and procedures, including general privacy policies and notices and procedures for collection and use of nonpublic personal information;
  7. Establish training programs on privacy-related compliance issues for employees, contractors and other agents of the company;
  8. Prepare and implement security requirements for nonpublic personal information, including information security policies and procedures;
  9. Prepare procedures and contractual documents with respect to handling of the company’s nonpublic personal information by business partners and outside service providers;
  10. Prepare and implement procedures for proper and effective disposal of nonpublic personal information that is no longer needed by the company to conduct its business activities;
  11. Establish procedures for investigation and notification of security breaches; and
  12. Establish and follow procedures for regular audits of the effectiveness of the company’s privacy and data security compliance program.

The content in this post has been adapted from material that appears in Business Transactions Solutions and is presented with permission of Thomson/West. Copyright 2008 Thomson/West. For more information or to order call 1-800-762-5272.

2 thoughts on “Compliance Checklist for Privacy & Data Security Laws”

  1. Will

    Asking questions is actually a pleasant thing if you are not understanding anything totally; however, this article presents fastidious understanding yet.

  2. Micheline

    It's such as you learn my mind! You seem to grasp a lot approximately this, like you wrote the ebook in it or something. I feel that you simply could do with a few p.c. to power the message house a little bit, however other than that, that is a magnificent blog. A great read. I will definitely be back.
