
When collecting data, the Privacy Shield framework requires more than that data be “relevant for the purpose of processing”; it requires organizations to limit collection to only the appropriate data. For instance, if you collect information from an individual to give them technical support for a computer, you would not ask for their birthdate, Social Security number, or other identifiers that aren’t highly relevant to the job. If you do request personal information to provide technical support, be ready to make a good argument for why it’s needed.

What does Integrity mean under the Privacy Shield framework?

In addition to collecting only the data needed, the Integrity principle requires organizations to take reasonable steps to ensure that personal data is:

  • Reliable for its intended use
  • Accurate
  • Complete
  • Current

This highlights the importance of maintaining the accuracy of the data you hold on an individual and making sure it’s not outdated. Consider providing an opportunity for individuals to review and correct the data you hold about them as one way of addressing this requirement. Other key questions for maintaining data integrity include:

  • How can you verify that security is enforced?
  • How can you tell who’s responsible for it?
  • How can you prevent others from being able to access it?

Purpose Limitation: Using Data for a Specific Reason

This Privacy Shield principle also extends to how collected data should be used. Once the organization receives the customer’s data, it may use the information only for the purpose for which it was explicitly collected (outlined in the privacy policy), unless the organization has obtained specific and explicit permission from the customer to use their information for other purposes. This means that as an organization stores the information in its systems, the information must be clearly marked so that it is not unintentionally combined with other data for a different purpose. Returning to my example, if I collected information from a customer to provide technical support, and they have not explicitly given me permission to use the information in other ways, then I couldn’t use that data to market other products to them.

While there are many obligations associated with this requirement, probably the most difficult to achieve is marking all collected data with information that details the reason it was collected, in a meaningful way that is persistent and stays with the data. This is a perfect use case for a taxonomy-driven metadata implementation that can identify both the sensitivity and classification of the content you’re collecting and the purpose for collection. That kind of data classification and ongoing tracking will require a significant shift in the behavior of many companies that collect data once and then keep it forever, thinking that they will have a new use for it later on.

Purpose limitation also means you should collect as little data as is necessary to achieve your objective. Although this may fly directly in the face of many marketing and business practices, which typically operate under the assumption that “more is better,” the compliance, privacy, risk and security professionals in your organization can remind their business counterparts that once you have sensitive information, you are responsible for protecting it. So it’s usually best to limit your collection to what’s necessary for your business purpose while at the same time managing and containing the risk of a potential data breach.
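The purpose tagging and minimization described in the two paragraphs above can be sketched as follows. This is an added example, not code from the original article or from any Privacy Shield tooling; the taxonomy, field names, purposes, and the `TaggedRecord` and `collect` names are assumptions made for illustration.

```python
import json
from dataclasses import dataclass, field

# Constructed taxonomy (assumption): fields each purpose justifies, and labels.
TAXONOMY = {"tech_support": {"email", "device_model", "os_version"}}
SENSITIVITY = {"email": "personal", "device_model": "internal",
               "os_version": "internal", "ssn": "sensitive"}

class PurposeError(Exception):
    """Raised when collection or use falls outside the recorded purpose."""

@dataclass
class TaggedRecord:
    subject_id: str
    values: dict
    collected_for: str                      # purpose stated at collection time
    consented_purposes: set = field(default_factory=set)  # explicit opt-ins

    def labels(self):
        # Sensitivity label per field, derived from the taxonomy.
        return {k: SENSITIVITY.get(k, "unclassified") for k in self.values}

    def use(self, purpose):
        # Release values only for the original or an explicitly consented purpose.
        if purpose != self.collected_for and purpose not in self.consented_purposes:
            raise PurposeError(f"{purpose!r} not permitted for {self.subject_id}")
        return dict(self.values)

    def to_json(self):
        # The purpose and labels are serialized with the values, so the tag
        # stays with the data when it is stored or moved between systems.
        return json.dumps({"subject_id": self.subject_id, "values": self.values,
                           "collected_for": self.collected_for,
                           "consented_purposes": sorted(self.consented_purposes),
                           "labels": self.labels()})

    @classmethod
    def from_json(cls, raw):
        d = json.loads(raw)
        return cls(d["subject_id"], d["values"], d["collected_for"],
                   set(d["consented_purposes"]))

def collect(subject_id, submitted, purpose):
    # Minimization check: refuse fields the stated purpose does not justify.
    extra = set(submitted) - TAXONOMY[purpose]
    if extra:
        raise PurposeError(f"not needed for {purpose!r}: {sorted(extra)}")
    return TaggedRecord(subject_id, dict(submitted), purpose)
```

Because the purpose is checked in `use()` rather than by the caller, a record restored from storage still refuses a marketing use until that purpose is added to `consented_purposes`.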

Finally, security and privacy risk management should intersect with other data lifecycle management programs in your organization. Combining these related areas will allow you to better optimize resources and risk management for information assets to support responsible, ethical, and authorized collection, use, sharing, maintenance, and disposition of information.

Learn more

For more resources on how to prepare for the Privacy Shield framework, get the EU-US Privacy Shield Guide today!
