disclosure
statement
 

Protection of personal data

Implementation and operation of the control system and management strategies to ensure compliance with the legislation on personal data.

Guidelines:

Includes legislation governing the storage, use, and disclosure of personal data.

Activities may include, but are not limited to:

Providing expert advice on policies, procedures and governance

Developing privacy products, services and systems that respect customer privacy and ensure data protection

Conducting impact assessments, identifying risks, while ensuring that data is used wisely and that problems with products and services are addressed

Responding to incidents

The following regulatory changes

Creating privacy risk models and frameworks working with experts in areas such as - but not limited to - legal, public relations, training and development, procurement, security, data management, and architecture. Personal data protection: level 5.

Contributes to the development of policies, standards, and guidelines related to personal data law. Provides expert advice and guidance on implementing personal data law controls into products, services, and systems. Investigates major data breaches and recommends appropriate control improvements. Creates and maintains a registry of data subject to personal data legislation. Conducts risk assessments, business impact analyses of complex information systems, and determines any necessary changes. Ensures formal inquiries and complaints are handled in accordance with approved procedures. Prepares and submits reports and registrations to appropriate authorities.

Personal Data Protection: Level 6.

Develops strategies for compliance with personal data laws. Ensures that policies and standards for compliance with personal data laws, are up-to-date and correctly applied. Acts as the organization's point of contact for regulatory agencies. Serves as the personal data law hub for the organization, working with professionals to provide authoritative advice and guidance.