In today’s complex and “flat-world” business environment, technology rules. However, along with technology come countless industry-specific, international, national and state-based regulatory schemes which dictate how, when, why and where data can be processed. These regulatory and legal requirements are often in addition to your contractual and business obligations. Keeping track of everything can be complicated, and appropriate compliance is not always easy or straightforward.
In an effort to streamline the process, below is a useful checklist of items you should have in place or consider addressing to meet your various privacy and data security obligations.
1. Written Information Security Policy
   a. Staff/employees
   b. IT department, if applicable
2. Annual (or more frequent, and upon hiring) Information Security Training
3. Determination of applicable laws, rules and regulations (e.g., HIPAA, GDPR, CCPA)
4. Data mapping – determine what data you have, where you have it, why you have it, etc.
5. Data retention/destruction policy (sometimes part of the Information Security Policy)
6. Data breach plan
7. Contract analysis to determine the legal obligations imposed on the business by third parties
8. Vendor/provider analysis to determine the legal compliance of vendors and third-party providers
9. Website privacy policy (and related terms and conditions of use)
If you have any questions about any of the above, or seek additional information concerning compliance with any or all of the above items, please contact Michael J. Feldman, Esq. at or 908-964-2486.