The Privacy Best Practices Guidance Handbook

Purpose:

The Privacy Best Practices Guidance Handbook is a go-to platform providing guidance for information privacy programmes and support with rights management for organisations and individuals. The handbook is designed to build awareness of best practices and inspire creative ways to address privacy challenges and nuances.


PrivCom's multi-phase engagement strategy:

  • We start in Phase 1. Explore the platform for easy best practice tips & hacks for each topic listed below. There is also a short (but handy) Accountability Check for organisations of all sizes which can be useful when reviewing (or drafting new) privacy-related policies and practices.

  • In Phase 2, we will analyse the section in PIPA that aligns with each best practice. Be sure to have a look at the scenarios included in this phase to help with the application of the tips and hacks shared in Phase 1. 

  • Finally, Phase 3 will include videos by a senior privacy team or a privacy pro with creative solutions that can be applied to each topic challenge. This is where you can get involved!

    • Submit your challenge or question by clicking on the "Challenges? Bubble" below at any time and a member of PrivCom's engagement unit will be in touch with support. Plus, your question/challenge may be chosen by our featured experts for a video during Phase 3.

Logging and tracking requests

Your organisation logs receipt of all verbal and written privacy rights requests from individuals and updates the log to track the handling of each request.

Privacy programme resources

You have appropriate resources in place to handle requests from individuals about their personal information.

Errors and Corrections

Your organisation has appropriate systems and procedures to change inaccurate information, add additional information to incomplete records or add a supplementary statement where necessary.

Timely responses

You deal with requests from individuals in a timely manner that meets individual expectations and statutory timescales.

Monitoring and evaluating performance

Your organisation monitors how your staff handle requests and you use that information to make improvements.

Informing individuals & identifying requests

You inform individuals about their rights and all team members are aware of how to identify and deal with both verbal and written requests.

Privacy grievances & complaints

Your organisation has procedures to recognise and respond to individuals' complaints about information privacy & protection, and individuals are made aware of their right to complain.

Data portability

Individuals are able to move, copy, or transfer their personal information from your organisation to another securely, without affecting the data.

Restrict usage

Your organisation has appropriate methods and procedures in place to restrict the processing of personal information, if required.

Erasure

You have appropriate methods and procedures in place within your organisation to delete, halt, or stop processing personal information, if required.

Rights related to automated decision-making and profiling

Your organisation can protect individual rights related to automated decision-making and profiling, particularly where the processing is solely automated with legal or similarly significant effects.
