Horizons Global Consulting
your privacy and security management partner
 

APS Group Home Page.
About APS Group.
APS Group Services.
APS Group Library.
Links of Interest.
Contact APS Group.
     
 

Steps to Privacy Management

1.

Designate a privacy officer or a privacy team who are specifically responsible for privacy strategy and policy.

2.

Take an inventory of personal information collection practices:

  • What type of information do you collect? How sensitive is it?
  • What are the sources?
  • Why is it collected?
  • How is it used?
  • Where is it stored?
  • Who can see it?
  • How is it disposed of?
  • What security measures are in place throughout?

3.

Conduct an objective self-assessment - put your customer's hat on - what would you think of your practices? How would you expect your personal information to be treated?

4.

Develop your privacy policy in consultation with all key stakeholders. Ensure your policy meets legislative requirements at a minimum, but go beyond compliance to best practice whenever possible. When in doubt, ask: 'What would our customer think?'

5.

Develop supporting procedures and systems, including changes to forms. Procedures should cover consent, inquiries, individual access, complaint handling and security measures. Take this opportunity to streamline your processes and eliminate duplication of effort and information.

6.

Enable and implement all of the technical security and privacy safeguards that exist in your information systems, especially for sensitive information.

7.

Ensure that all contracts with third parties that access or process personal information adequately address privacy issues.

8.

Communicate to and train staff, contractors and volunteers on your privacy policies and practices and on security awareness.

9.

Provide information on your policies and practices to customers, subscribers and donors (e.g. brochures, posters, websites, forms).

10.

Follow up on a regular basis (at least annually) to ensure compliance with your privacy policy, revise as necessary.

Sound like a lot of work? We can help with all of it! Just ask us!

APS Group principals are available to present on information security and privacy to business, schools and non-profit groups, as part of our community awareness programs.