|

Computer Security

»

Security - Management

Corporate Privacy Policy

View: New views

5 Messages — Rating Filter: Alert me

	Corporate Privacy Policy by Doug Fox :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. I searched Google, NIST, NSA, SANS, etc. for samples of corporate / enterprise privacy policy on personal information to be used by HR, department managers, etc., but not the kind of privacy policy posted on web sites, but to no avail. Appreciate any pointers to locate one or two of the samples Thanks, DF
	RE: Corporate Privacy Policy by Gary Everekyan-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. If you can afford it the best resource is Information Security Policies Made Easy by Charles C. Wood. http://www.baselinesoft.com/ispmemain.htm Regards, Gary Everekyan CISSP, CISM, ISSAP,ISSPCS, ITILp, MCSE, MCT Information Security and Audit "High achievement always takes place in the framework of high expectation" - Jack Kinder From: Doug Fox [mailto:dfox168@...] Sent: Thursday, May 18, 2006 10:35 PM To: security-management@... Subject: Corporate Privacy Policy I searched Google, NIST, NSA, SANS, etc. for samples of corporate / enterprise privacy policy on personal information to be used by HR, department managers, etc., but not the kind of privacy policy posted on web sites, but to no avail. Appreciate any pointers to locate one or two of the samples Thanks, DF
	Re: Corporate Privacy Policy by Lars Neupart :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message You may want to take a look at OECD's web site. They offer a free privacy policy generator. http://www.oecd.org/sti/privacygenerator /Lars Neupart - Doug Fox <dfox168@...> wrote: > I searched Google, NIST, NSA, SANS, etc. for samples of corporate / > enterprise privacy policy on personal information to be used by HR, > department managers, etc., but not the kind of privacy policy posted > on web sites, but to no avail. > > Appreciate any pointers to locate one or two of the samples > > Thanks, > > DF > Lars Neupart Tel: +45 4015 6065
	RE: Corporate Privacy Policy by Doug Markiewicz :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Message Charles Cresson Wood is a good resource if you're looking for develop a complete policy set. If you've already got a policy set and are just looking to add Privacy to the collection, its probably not worth the expense. A good bit of what Cresson uses for Privacy is straight out of the EU Directive 95/46. Looking at existing legislation and privacy principles should be sufficient. Here are some resources: FTC Fair Information Practice Principles http://www.ftc.gov/reports/privacy3/fairinfo.htm OECD Privacy Principles http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html EU Directive 95/46 http://europa.eu.int/smartapi/cgi/sga_doc?smartapi!celexapi!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046 Safe Harbor (Based on EU privacy) http://www.export.gov/safeHarbor/index.html http://www.export.gov/safeHarbor/SHPRINCIPLESFINAL.htm If you work in the US, I would also check out all the state security breach laws. They will be a good reference for defining personal information if thats not already defined in your data classification. You should also have a policy for handling breaches whether part of your privacy policy or a document in and of itself. Hope that helps! -----Original Message----- From: Gary Everekyan [mailto:karo@...] Sent: Friday, May 19, 2006 12:20 AM To: 'Doug Fox'; security-management@... Subject: RE: Corporate Privacy Policy If you can afford it the best resource is Information Security Policies Made Easy by Charles C. Wood. http://www.baselinesoft.com/ispmemain.htm Regards, Gary Everekyan CISSP, CISM, ISSAP,ISSPCS, ITILp, MCSE, MCT Information Security and Audit "High achievement always takes place in the framework of high expectation" - Jack Kinder From: Doug Fox [mailto:dfox168@...] Sent: Thursday, May 18, 2006 10:35 PM To: security-management@... Subject: Corporate Privacy Policy I searched Google, NIST, NSA, SANS, etc. for samples of corporate / enterprise privacy policy on personal information to be used by HR, department managers, etc., but not the kind of privacy policy posted on web sites, but to no avail. Appreciate any pointers to locate one or two of the samples Thanks, DF
	Hipaa Security Policy by Rezendes, Joseph :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Does anyone have a good outline for a HIPAA Security Program? This should be in the form of an annual review and I would think should cover admin, technical and physical controls. Best Regards, Joe Rezendes Office: 727-299-4376 Cell: 813-924-6537 Fax: 727-299-3437 Mail Station: 140-3 Email: jrezend@... > This message may contain information that is legally privileged or confidential. If you received this transmission in error, please notify the sender by reply email, and delete the message and any attachments. This transmission is believed to be defect free; however, no responsibility is accepted by the sender for damage arising from its receipt. > Notice: All email and instant messages (including attachments) sent to or from Franklin Templeton Investments (FTI) personnel may be retained, monitored and/or reviewed by FTI and its agents, or authorized law enforcement personnel, without further notice or consent.