As a privacy assessor, what would most likely be the first artifact you would ask for while assessing an organization which claims that it has implemented a privacy program?
A company collects personal information about its employees and requests them to provide accurate
information in order to avail benefits such as life insurance and medical insurance. Employees of the
company have raised concerns about use of their personal information. Due to the concerns, the company
has decided to create a privacy policy. What all should the company include in its privacy policy to address
the raised concerns?
As a newly-appointed privacy officer of an IT company gearing up for DSCI's privacy certification, you are
trying to understand what data elements are involved in each of the business process, function and if these data
elements can be classified as sensitive personal information. What is being accomplished with this effort?
A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.
For exporting EU branch employees' data to Asian Countries for processing, which of the following instruments could be used for legal data transfer?
Complete the sentence:
The Gramm-Leach-Bliley Act (GLBA) of US regulates the privacy practices adopted by financial institutions,
requiring them to provide adequate security of the customer records. It lays various obligations on the financial
institutions but allows such financial institutions to share the non-public information of customers (after
properly notifying their consumers in a manner mentioned in the Act) with
