
RE: Corporate Privacy Policy

by Doug Markiewicz

Charles Cresson Wood is a good resource if you're looking to develop a complete policy set. If you've already got a policy set and are just looking to add Privacy to the collection, it's probably not worth the expense. A good bit of what Cresson uses for Privacy is straight out of the EU Directive 95/46. Looking at existing legislation and privacy principles should be sufficient. Here are some resources:
 
FTC Fair Information Practice Principles
http://www.ftc.gov/reports/privacy3/fairinfo.htm
 
OECD Privacy Principles
http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html
 
EU Directive 95/46
http://europa.eu.int/smartapi/cgi/sga_doc?smartapi!celexapi!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046
 
Safe Harbor (Based on EU privacy)
http://www.export.gov/safeHarbor/index.html
http://www.export.gov/safeHarbor/SHPRINCIPLESFINAL.htm
 
If you work in the US, I would also check out all the state security breach laws. They will be a good reference for defining personal information if that's not already defined in your data classification. You should also have a policy for handling breaches, whether part of your privacy policy or a document in and of itself.
 
Hope that helps!
 
-----Original Message-----
From: Gary Everekyan [mailto:karo@...]
Sent: Friday, May 19, 2006 12:20 AM
To: 'Doug Fox'; security-management@...
Subject: RE: Corporate Privacy Policy

If you can afford it, the best resource is Information Security Policies Made Easy by Charles C. Wood.
  http://www.baselinesoft.com/ispmemain.htm
 

Regards,

Gary Everekyan
CISSP, CISM, ISSAP,ISSPCS, ITILp, MCSE, MCT
Information Security and Audit
"High achievement always takes place in the framework of high expectation" - Jack Kinder


 


From: Doug Fox [mailto:dfox168@...]
Sent: Thursday, May 18, 2006 10:35 PM
To: security-management@...
Subject: Corporate Privacy Policy

I searched Google, NIST, NSA, SANS, etc. for samples of corporate / enterprise privacy policy on personal information to be used by HR, department managers, etc., but not the kind of privacy policy posted on web sites, but to no avail.
 
Appreciate any pointers to locate one or two of the samples
 
Thanks,
 
DF
 
