cover image: A policy is not enough

Premium

20.500.12592/djx4ks

A policy is not enough

7 Sep 2012

A privacy policy cannot, by itself, protect personal information held by an organization. Privacy policies that are not reflected in actual practice through strong implementation, training, and auditing will fail to safeguard personal information against privacy risks. But if we return to the true meaning of "policy," we will be reminded that it was always intended to be rooted in action. Privacy and data protection policies must be operationalized throughout the activities of an organization.
government education politics science and technology media audit business computer security employment freedom of information threat law philosophy information system assessment best practice privacy further education educational assessment computing and information technology computing discovery (law) business process vulnerabilities privacy, right of personal information american institute of certified public accountants encryption privacy concerns

Authors

Cavoukian, Ann

Pages
20
Published in
Canada

Related Topics

All