What is an Organizational Data Privacy and Security Policy?
It is the policy of the Organization to protect against the unauthorized access, use, corruption, disclosure, and distribution of non-public personal information. The Organization shall hold non-public personal information in strict confidence and shall not release or disclose such information to any person except as required or authorized by law and only to such authorized persons who are to receive it. The Organization shall not use any non-public personal information for any purpose other than the administration of a receivership or in the event that it assists a regulator in the supervision of an insurer. In furtherance of this policy, the Organization shall have procedures for the administrative, technical and physical safeguarding of all non-public personal information. The Organization shall ensure that an entity retained by it, or any other entity that utilizes information provided by the Organization to carry out its responsibilities, shall have signed and agreed to abide by the terms of the Data Privacy and Security Policy or shall have adopted a data privacy and security policy that is substantially similar to the Organization's policy.
Figure (1): Individuals value privacy differently depending on the situation. 43% of people in health care said that privacy and security are very important to them. This finding is consistent with the fact that many laws now define health-related data as sensitive and provide additional safeguards for it.
A survey in 2009 by the Ponemon Institute (LLC) said that security breaches are an ongoing challenge for many organizations. Fifty-eight per cent of executives polled said they have lost sensitive personal information, and for nearly 60 per cent of those who have had a breach, it was not an isolated event (Figure 2).
Figure (2): A survey asking organizations "Did your organization ever lose sensitive data?" reveals that nearly 60% of organizations have lost sensitive data. 58% answered yes, 31% answered no, and the rest could not recall. Therefore, organizations should have procedures to protect their data.
Privacy Officer
The Organization shall appoint an Information Security Officer to review and maintain the procedures and monitor compliance with the guidelines set forth in the procedures. The following are tips for good management:
1. Access to private personal information shall be limited to authorized users who need to have access to pursue the Organization’s responsibilities as it relates to that information.
2. Every employee and authorized user with access to non-public personal information shall annually sign a copy of the Organization’s Data and Privacy Security Policy and Procedures and agree to abide by its terms.
3. Except as required by law, when the Organization provides non-public personal information to third parties, it shall first provide a copy of this Data Privacy and Security Policy and require the third party to certify that it has read the policy and agrees to comply with applicable provisions, or that it has a substantially similar data privacy and security policy and that it will comply with the applicable provisions of its policy with respect to the non-public personal information provided.
4. The institution will perform a background check as further defined in the Organization’s human resources policies on employees with access to private personal information. Any third party...