As a privacy assessor, what would most likely be the first artefact you would ask for while assessing an organization which claims that it has implemented a privacy program?
A. Privacy risk management framework
B. Records of privacy specific training imparted to the employees handling personal information
C. Personal information management policy
D. Records of deployed privacy notices and statements
This artefact not only outlines governance structures and responsibilities but also links to other aspects such as risk management, compliance tracking, and privacy notices. Hence, it is the logical first document for a privacy assessor to request.