Thursday, November 1, 2012
Generally Accepted Privacy Principles - Part 4
Each of the 10 Generally Accepted Privacy Principles has sets of criteria organized into sub-categories, most of which have sub-sub-categories beneath them. Here are the top sub-categories for the third and fourth of the 10 Generally Accepted Privacy Principles (choice and consent, and collection):
3. Choice and consent. The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use and disclosure of personal information.
3.1 Policies and Communications
3.1.0 Privacy Policies
3.1.1 Communication to Individuals
3.1.2 Consequences of Denying or Withdrawing Consent
3.2 Procedures and Controls
3.2.1 Implicit or Explicit Consent
3.2.2 Consent for New Purposes and Uses
3.2.3 Explicit Consent for Sensitive Information
3.2.4 Consent for Online Data Transfers To or From an Individual's Computer or Other Similar Electronic Devices
4. Collection. The entity collects personal information only for the purposes identified in the notice.
4.1 Policies and Communications
4.1.0 Privacy Policies
4.1.1 Communication to Individuals
4.1.2 Types of Personal Information Collected and Methods of Collection
4.2 Procedures and Controls
4.2.1 Collection Limited to Identified Purpose
4.2.2 Collection by Fair and Lawful Means
4.2.3 Collection from Third Parties
4.2.4 Information Developed about Individuals
A link to a detailed table of these criteria along with illustrative controls and procedures (and additional information) is available on our website at www.socauditing.com
End of Part 4
- Mark Gleason
www.socauditing.com