Privacy and Data Security Checklist

In today’s complex and “flat-world” business environment, technology rules. However, along with technology come countless industry-specific, international, national and state-based regulatory schemes which dictate how, when, why and where data can be processed. Of course, these regulatory and legal requirements are often in addition to your contractual and business obligations. Keeping track of everything can be complicated, and appropriate compliance is not always easy or straightforward.

In an effort to streamline the process, below is a useful checklist of items you should have in place or consider addressing to meet your various privacy and data security obligations.

__1      Written Information Security Policy

__a      Staff/employees

__b      IT department if applicable

__2      Annual (or more frequent, and upon hiring) Information Security Training

__3      Determination of applicable laws, rules and regulations (e.g., HIPAA, GDPR, CCPA, etc.)

__4      Data mapping – determine what data you have, where you have it, why you have it, etc.

__5      Data retention/destruction policy (sometimes part of Information Security Policy)

__6      Data breach plan

__7      Contract analysis to determine legal obligations imposed on the business by third parties

__8      Vendor/provider analysis to determine legal compliance of vendors/third-party providers

__9      Website privacy policy (and related terms and conditions of use)

If you have any questions about any of the above, or seek additional information concerning compliance with any or all of the above items, please contact Michael J. Feldman, Esq. at or 908-964-2486.