Appendix A – Document Destruction

• “Company shall retain records for the period of their immediate or current use, unless longer retention is required by law or to comply with contractual requirements. Such records outlined in this policy include, but are not limited to: paper, electronic files, and voicemail records regardless of where the document is stored, including network servers, desktop or laptop computers and handheld computers and other wireless devices or telephones with text messaging and/or instant messaging capabilities. Hardcopy documents will be destroyed by shredding according to the document retention schedule. Electronic copies will be destroyed by proven means to destroy such data according to the document retention schedule.”

• Helpful resources
  - FTC Disposal Rule: http://www.ftc.gov/os/2004/11/041118disposalfrn.pdf
  - FTC: http://business.ftc.gov/documents/alt152-disposing-consumer-report-information-newrule-tells-how
  - The Watershed Institute: http://www.thewatershedinstitute.org/resources/publications/FinalDocPolicy.pdf

FIPP 1, 2 and 4

Appendix B – Security

• Helpful resources
  - SANS Institute – www.sans.org – This website contains a number of sample security policies, including for computers, emails, HIPAA, mobile and wireless.
  - View a primer on developing security policies: http://www.sans.org/securityresources/policies/Policy_Primer.pdf
  - InfoSec Reading Room: http://www.sans.org/reading_room/whitepapers/awareness/ultimate-defense-depthsecurity-awareness-company_395

FIPP 1 and 4

Appendix C – BYOD Policy Considerations

• It is important for your company to create a BYOD policy before allowing any employee to BYOD. For more information: http://www.citrix.com/site/resources/dynamic/additional/byod_best_practices.pdf

• Policies should include:
  - Employee responsibilities for devices;
  - Eligibility requirements and limitations for devices;
  - Limiting applications and/or data access;
  - Reservation of the right to wipe company data and/or the entire device;
  - A disclaimer of any liability for loss of personal applications or data;
  - Any other restrictions, including but not limited to the use of browsers, wireless or other services;
  - Payment for the devices.

• Security policy considerations include:
  - Required use of a whole-device password and/or requirements for when passwords must be changed;
  - The process for handling lost/stolen devices;
  - Timeline requirements for reporting lost/stolen devices;
  - Enforcement of password and other security measures;
  - Repair and/or upgrade of devices;
  - Requirement to install software.

FIPP 1, 2 and 4

Appendix D – Privacy

• Helpful resources
  - FTC:
    - http://www.ftc.gov/opa/2012/03/privacyframework.shtm
    - http://www.ftc.gov/privacy/coppafaqs.shtm
    - http://business.ftc.gov/documents/bus55-getting-noticed-writing-effective-financial-privacynotices
  - For mobile app developers visit: https://www.cdt.org/report/best-practices-mobile-applicationsdevelopers

FIPP 1, 2 and 4