Chapter 2 - Privacy Principles
Good practices to ensure a consistent approach to privacy include:
a) Privacy should be considered from the outset and built in by design
   - It should be systematically built into policies, standards, and procedures from the beginning.
b) Private data should be collected fairly in an open and transparent manner
   - Only the data required for the purpose should be collected in the first instance.
c) Private data should be kept securely throughout the life cycle
d) Private data should only be used for the purpose for which they were collected
e) Private data should be accurate, complete and current (or up to date)
f) Private data should be deleted when they are no longer needed

AFTER THE PRIVACY IMPACT ANALYSIS
● Create a consistent format and structured process for analyzing technical and legal compliance with relevant regulations and internal policies
● The structured process provides a framework to ensure that privacy is considered in all IT projects, from the conceptual and requirements analysis stage to the final design approval, funding, implementation and communication stage, to assure that privacy compliance is built into projects rather than retrofitted

Figure 5.3 – Changes That Impact Privacy

Technology                        Processes                          People
- New programs                    - Change management                - Business partners
- Changes in existing programs    - Business process reengineering   - Service providers
- Additional system linkages      - Enhanced accessibility rules
- Data warehouse