Security Basics mailing list archives

Privacy Data Handling Policy and Procedures

From: Sgregg9520 () aol com
Date: 17 Nov 2005 20:42:40 -0000

I am working on data handling procedures for privacy related information for my customers (Chief Privacy Officer) and I 
am looking for information in the following three areas: 

1) Data Handling Procedures with identified responsible parties involved with documenting Privacy related data in 
electronic format

2) Data Handling Procedures with identified responsible parties involved with documenting Privacy related information 
in non-electronic format 

3) Privacy procedures for Data Disposition just in case application developer, database administrators or system 
administrator didn't have any formal procedures documented for privacy data. 

I am wondering if there data handling, data disposition and destructions procedures for testing /handling personal data 
or removing the data from the testing environments.  The handling of data in this case would include but not limited 
to, extra copies of test cases, reports, photo impressions, printouts, computer tape printouts, carbon paper, notes, 
and work papers as examples.   

Any suggestions would be helpful.

Current thread:

Privacy Data Handling Policy and Procedures Sgregg9520 (Nov 21)