The challenge of this work is to guide the useful and relevant preparation and content development of documented guidance on the “what and how” of protecting the privacy of personal data in digital technology-enabled services that engage a person who has a right to be “let alone.” The privacy management manual communicates acceptable, actionable, and auditable knowledge sources, decision-making, and compliance activities. Its content makes evident the quality management system for protecting the privacy of personal data in the organization. It connects the user to the questions of understanding the laws, rules, and regulations.
1. User story of personal data and processing system; data privacy violation; and exercise of privacy rights
2. Conformity test of the information and communication system with privacy principles, lawful criteria, and security measures
3. Compliance evidence, activities, and procedures to support information confidentiality, process integrity, system availability, and the privacy right of personal data protection
4. Role, accountability, and responsibility matrix in data privacy management of the organization
5. Breach response team and security incident response playbook
6. Complaint handling and rules of procedure, and criminal investigation
The data privacy manual communicates privacy and security policies, and the agreed manner of acting on the rules and standards. It serves as learning material in personnel orientation or awareness training.
The privacy notification reflects the documented understanding and agreement between the personal information controller and processor on the what and how of protecting privacy in personal data collection, retention, use, sharing, and disposal.
The privacy notification, compliance reporting, DPO oversight activity, and personnel training are, by default, aligned with the published data privacy manual in the workplace where personal data is processed.
