Accountability - PRINCIPLE v.1

PRINCIPLE: Accountability
DEFINITION AND DESCRIPTION:
Accountability: a demonstrable acknowledgement and assumption of responsibility for having in place appropriate policies and procedures, and promotion of good practices that include correction and remediation for failures and misconduct. It is a concept that has governance and ethical dimensions. It envisages an infrastructure that fosters responsible decision-making, engenders answerability, enhances transparency and considers liability. It encompasses expectations that organisations will report, explain and be answerable for the consequences of decisions about the protection of data. Accountability promotes implementation of practical mechanisms whereby legal requirements and guidance are translated into effective protection for data.
(CIPL, 2010) Demonstrating and Measuring Accountability: A Discussion Document, http://www.huntonfiles.com/files/webupload/CIPL_Accountability_Phase_II_Paris_Project.PDF
Frameworks Where the Principle Appears
APEC “A personal information controller should be accountable for
complying with measures that give effect to the Principles stated above.” (Paragraph 26)
OECD “A data controller should be accountable for complying with
measures which give effect to the principles stated above.” (Paragraph 14)
Accountability and Auditing: Organizations should be accountable for complying
with these principles, providing training to all employees and contractors who use PII,
and auditing the actual use of PII to demonstrate compliance with these principles and
all applicable privacy protection requirements. (NSTIC)
Ombudsmen. OITF Providers must ask governments where they do business to
designate independent ombudsmen whose role is to look after the interests of
individual users under their respective jurisdictions, and they must ensure that the
OITF is designed to allow these ombudsmen to do their job. If law requires the
sharing of identity information (including biometric data, behavioral data, and social
graphs) without the informed consent of the person in question, parties to the OITF
who are ordered to share this information must involve the ombudsmen. (OITF WP)
A record-keeping organization shall be accountable for its personal-data record-keeping
policies, practices, and systems. (The Accountability Principle) (HHS, Section 8)
CONTROLS ASSOCIATED WITH THE PRINCIPLE
Accountability: Reporting made by the business process and technical systems which
implement privacy policies to the individual or entity accountable for ensuring compliance
with those policies, with optional linkages to sanctions. (ISTPA)
Privacy promises - Accountable organisations fulfil the promises stated in their
privacy policies. (CIPL)
(1) Policies
(2) Executive oversight
(3) Staffing and delegation
(4) Education and awareness
(5) Ongoing risk assessment and mitigation
(6) Program risk assessment oversight and validation
(7) Event management and complaint handling
(8) Internal enforcement
(9) Redress
INTERACTIONS WITH OTHER PRINCIPLES
- Organisations are accountable for their notices
APPLIES TO INTERNAL OPERATION OR EXTERNAL PARTICIPANTS
Applied to the internal operations and actions of an organisation.