...
Resources of Interest
|
|---|
Questions You Should Be Asking About Data Protection and Privacy
- What is the privacy policy?
- Under what circumstances can it be modified?
- How will I be notified of modifications? Will I be proactively contacted, or will I be responsible for monitoring a webpage?
- How does the organization protect my data in transit?
- does it use SSL (https://)?
- How does the organization protect my data while in its data center (aka "at rest")?
- is it encrypted?
- is it housed in systems in the United States? Without exception?
- How is access managed? E.g. who has access, and under what circumstances?
- what controls are in place to ensure only appropriate staff are able to decrypt it, and under what circumstances?
- normal use for intended purposes
- in response to subpoena or other lawful judicial order (e.g. discovery process)?
- How long has this organization been in business?
- What information is available about its stability and long-term business prospects?
- What if this organization goes out of business - what happens to my data?
- Is there a data escrow plan in place?
- What if this organization is acquired - what happens to my data?
- What happens to my agreement(s) with the organization under new ownership or management?
- How long can an organization hold data about me after the end of our official business relationship?
- what processes are in place to protect data after the relationship ends?
- Can an organization use my information or pass it on without my consent?
- There is inaccurate information held on my file. What can I do?
- How do I get information (including medical records) held about me corrected?
- How do I get an organization to stop using my data?
- How do I get information held about me deleted?
...