This web page from the U.S. Department of Health and Human Services includes definitions, sample business associate agreement provisions and other information to help covered entities and business associates more easily comply with the business associate contract requirements.
This sample policy addresses the use of employee-owned personal computing devices to access, with certain limitations, the Company’s computing systems.
A sample contract between an employee and employer outlining acceptable uses of company owned computing systems and data owned, operated or controlled by the company.
This voluntary Code of Conduct for mobile application (app) short notices developed through the Multi-Stakeholder Process on application Transparency convened by the United States Department of Commerce. The purpose of the short form notices is to provide consumers enhanced transparency about the data collection and sharing practices of apps that consumers use.
The UK ICO created this toolkit for health organizations as part of its ACCESS AWARE campaign aimed at helping prompt employees to recognize a request for personal information and know how to deal with it. It includes employee awareness posters and a ‘subject access request’ step-by-step guide.
The Privacy Commissioner of New Zealand developed this privacy checklist to help organizations figure out whether their client and staff information will be safe if they switch to cloud services.
This checklist from ReturnPath aims to assist marketers in complying with the CAN-SPAM Act which sets minimum standards for commercial e-mail.
This webpage from L-Soft includes a table that aims to give an overview of the basic e-mail requirements in the United States and Europe and checklists of legal requirements and best practices for e-mail.
Based on the FTC’s prior work in mobile privacy, panel discussions and written submissions, this report offers suggestions for the major participants in the mobile ecosystem as they work to improve mobile privacy disclosures.
The purpose of this guidance from the DOE and HHS is to explain the relationship between FERPA and the HIPAA Privacy Rule, and to address apparent confusion on the part of school administrators, health care professionals, and others as to how these two laws apply to records maintained on students.
This guidance from the UK Information Commissioner’s Office explains what organizations need to do to make sure they comply with the Data Protection Act when they archive or delete personal data.
This policy from the UK Information Commissioner’s Office outlines what the office will consider when deciding whether to initiate regulatory action. (August 2013)
Links to some of the approved Binding Corporate Rules, as published by Mehmet Munur, CIPP/US, of Tsibouris & Associates.
This Center for Democracy & Technology Policy Post explains how government access to identifiable health information is addressed by the PATRIOT Act, the HIPAA Privacy Rule, as well as the statutes and regulations protecting the confidentiality of patient information that is held by federally funded substance abuse treatment facilities and programs.
Page 3 of 11 pages < 1 2 3 4 5 > Last ›