
Chapter 9

Privacy and Confidentiality

Privacy
• Protection of information and data inside an organization
• Focus on personal information about customers, employees, suppliers, or business partners

Confidentiality
• Protection of information and data inside an organization
• Focus on organizational data and the intellectual property of the organization
Components of Privacy and Confidentiality Controls
Importance of Employee Training

• Employees are a big part of an organization
• Employees need to know what information they can share with outsiders and what information they need to protect
• Employees need to know how to protect information
Identity Theft

What is it?
Identity theft is the unauthorized use of someone’s personal information for the perpetrator’s benefit.

How to protect from identity theft? (examples)
• Shred all documents that contain personal information, especially unsolicited credit card offers, before discarding them.
• Securely store documents that contain sensitive personal and financial information.
• Beware of e-mail, telephone, and print requests to “verify” personal information that the requesting party should already possess.
• Limit the amount of other information (address and phone number) preprinted on checks, and consider totally eliminating such information.
Generally Accepted Privacy Principles

What is it?
10 internationally recognized best practices for protecting the privacy of customers’ personal information.

The Principles
1. Management. Organizations need to establish a set of procedures and policies for protecting the privacy of personal information they collect from customers.
2. Notice. An organization should provide notice about its privacy policies and practices at or before the time it collects personal information from customers, or as soon as practicable thereafter.
3. Choice and consent. Organizations should explain the choices available to individuals and obtain their consent prior to the collection and use of their personal information.
4. Choice and consent. Organizations should explain the choices available to individuals and obtain their consent prior to the collection and use of their personal information.
Generally Accepted Privacy Principles (Cont’d)
5. Collection. An organization should collect only the information needed to fulfill the purposes stated in its privacy policies.
6. Use, retention, and disposal. Organizations should use customers’ personal information only in the manner described in their stated privacy policies and retain that information only as long as it is needed to fulfill a legitimate business purpose. When the information is no longer useful, it should be disposed of in a secure manner.
7. Access. An organization should provide individuals with the ability to access, review, correct, and delete the personal information stored about them.
8. Quality. Organizations should maintain the integrity of their customers’ personal information and employ procedures to ensure that it is reasonably accurate.
9. Disclosure to third parties. Organizations should disclose their customers’ personal information to third parties only in the situations and manners described in the organization’s privacy policies and only to third parties who provide the same level of privacy.
10. Security. An organization must take reasonable steps to protect its customers’ personal information from loss or unauthorized disclosure. Therefore, organizations must use the various preventive, detective, and corrective controls to restrict access to their customers’ personal information.
11. Monitoring and enforcement. An organization should assign one or more employees to be responsible for ensuring compliance with its stated privacy policies. Organizations must also periodically verify that their employees are complying with stated privacy policies.
