Privacy Principles
Privacy is the right of an individual to demand the utmost care of their personal information that has been shared with any organization or individual. Individuals can demand that the use of their information is appropriate, legal, and only for the specific purpose for which the information was obtained.
The Information Systems Audit and Control Association (ISACA) describes several privacy principles that can be considered as a framework for privacy audits. The following are some of them:
- Organizations should obtain appropriate consent before the transfer of personal information to another jurisdiction.
- Organizations should specify the purposes for which personal information is collected.
- Organizations are required to retain personal information only as long as necessary.
- Organizations should have appropriate security safeguards for protecting personal information.
- Organizations should have an appropriate process for reporting compliance...