- What personal information about customers and employees does your business collect and retain?
- What personal information is used in carrying out business transactions (for example, sales, marketing, fundraising)?
- What privacy policies has your business established with respect to the collection, use, disclosure and retention of personal information?
- What personal information does your business obtain from, or disclose to, affiliates or third parties, for example, in payroll outsourcing?
- How does your business plan address the privacy of personal information?
- Is the owner/manager able to assign someone the responsibility for compliance with privacy legislation?
- If so, has the individual responsible for privacy compliance been given clear authority to oversee the information handling practices of the business; and are adequate resources allocated to facilitating and maintaining such a program?
- How are the owner/manager and any employees with access to personal information trained in privacy protection?
- To comply with established privacy policies, what objectives are set for the business?
- To what extent have appropriate privacy control measures been identified and implemented?
- What are the consequences of not meeting the specific privacy objectives?
- How is the effectiveness of the privacy control measures monitored and reported?
- What mechanisms are in place to deal with contraventions of the privacy policies and procedures?
- Has the owner/manager considered the services available from an independent assurance practitioner with respect to online privacy?