Privacy Assessment

An assessment of an organization’s compliance with its privacy policies and procedures, applicable laws, regulations, service-level agreements, standards adopted by the entity and other contracts. The assessment or audit measures how closely the organization’s practices align with its legal obligations and stated practices and may rely on subjective information such as employee interviews/questionnaires and complaints received, or objective standards, such as information system logs or training and awareness attendance and test scores. Audits and assessments may be conducted internally by an audit function or by external third parties. While assessments and audits may be conducted on a regular or scheduled basis, they may also arise ad hoc as the result of a privacy or security event or due to a request from an enforcement authority.
