Privacy Rights Project
Do you have a process in place to support individuals with concerns about privacy rights?
What to do?
How easy is it for individuals to request and receive information that your organisation has about them?
Is there a clear and easy way for individuals to request to have personal information deleted?
Do you have a data quality process in place, and make it easy for individuals to view and update their personal information for accuracy and completeness? Be sure to include a step in the process to verify the identity of the person requesting change to the personal information.
Is it an easy process for individuals to request access to their personal information? Again, include an identity verification step.
Can employees and clients easily block the use of their personal information for direct marketing, advertising and public relations purposes?
When building or implementing processes or solutions that include automated decision-making, do you consider privacy rights at each step of the process?
If a client or employee wanted to have their information transferred to another entity, do you have a procedure in place to ensure that the information is protected and in an easily readable format?