General Compliance Topics

  • 1.  data privacy

    Posted 10-27-2022 12:30 PM

    Do you have a short list of steps to take when collecting personally identifiable information?

    For example, if Microsoft Forms is used in countries across the globe for whistleblowing purposes, what must be done if that info is being transmitted?

    Looking for a very short list of steps (preferably a chart) to take when PII is sent overseas.

    For example: 

    Step 1: Determine if PII is contained?
    Step 2: Determine if consent obtained.
    Step 3: Privacy policy notice drafted? and so forth.

    John Baker
    Kasai North America
    SCCE Membership

  • 2.  RE: data privacy

    Posted 10-27-2022 01:52 PM
    Edited by Steve Pavlicek 10-27-2022 01:53 PM
    Hi John,

    Not sure that this is helpful and, unfortunately, I do not have the citation, but it was circulated on LinkedIn. GDPR is an example of a comprehensive data protection framework that is often referred to and cited (the proposed ADPPA in the US seems to bear many similarities). The graphic below was easy to read for me and tells of the rights of data subjects. Perhaps this can be used as a guide for responsibility and data management/protection?

    Stephen (Steve) Pavlicek | Community Engagement Manager
    Society of Corporate Compliance and Ethics
    Health Care Compliance Association
    Office: 952.567.6219 | Mobile: 612.207.3172
    6462 City West Parkway | Eden Prairie, MN 55344

    SCCE Membership