Solve the Privacy Puzzle
Use the Web site as an example. Customers may enter PII in a form on a Web page. What happens to that data when the “Submit” button is clicked? The more complex and interactive the Web site, the more work it will take to create a complete map of the data flow. In practical terms, you might try using a large whiteboard for the project, or a large network diagram pinned on the wall. This can be a good starting point. Here are the main points that need to be documented:
* The business entity collecting the data.
* The intended use of the data.
* All potential recipients of the data.
* The nature of the data collected.
* The means by which data is collected, if not obvious (for example, passively, by means of electronic monitoring, or actively, by asking the consumer to provide the information).
* Whether providing the requested data is required or voluntary (and the consequences of refusing to provide it).
* The steps taken by the data collector to ensure the confidentiality, integrity and quality of the data.
• Respect for customer privacy has always been a priority at [Your Company].
•[Your Company] respects the privacy of customers and maintains strict customer information privacy policies.