Guidelines for the Stage of Implementation - Self-Assessment Activity

GUIDELINES FOR PRIVACY AND INFORMATION MANAGEMENT (PIM) PROGRAM SELF-ASSESSMENT ACTIVITY

PURPOSE

This tool is for the use of school board/authority members to identify where on the continuum their department/school or board/authority is with respect to each of the program elements identified through the PIM Toolkit.

Note: It is suggested that participants read the referenced documents prior to undertaking the self-assessment in order to gain an understanding of the expectations of the categories and, therefore, to have a context for the self-assessment activity.

Process Protocol

1. Start by having each team member independently identify (by placing a dot using a coloured marker) where on the team continuum the department/school or system is with respect to each of the program elements identified down the far left column.
2. Have participating team members independently provide an example of evidence to support their stage selection in each of the blank boxes corresponding to the program element and stage selected.
3. Next, have each participant transfer his/her stage selection to the Team Self-Assessment Activity Template. Post the sheet on a wall or centre on the table for a group review. The markers allow all team members to see how much they are in agreement with one another.
4. When all dots/marks have been placed on the team continuum, have team members reflect/brainstorm on where there is agreement or disagreement among the ratings.
5. Start with the first principle element and have team members discuss why they believe the department/school/system is where they rated it. Have team members continue this discussion until the team comes to a consensus on one stage that reflects where the department/school/system is right now.
6. Have team members brainstorm on possible next steps for moving toward the next stage along the continuum.

PRIVACY AND INFORMATION MANAGEMENT (PIM) PROGRAM SELF-ASSESSMENT ACTIVITY

SELF-ASSESSMENT ACTIVITY

Program Elements

Level 1: The system has not yet begun to address the program element.
Level 2: An effort has been made to address the program element, but the effort impact a critical mass.
Level 3: endorsed the program element. Members are beginning to modify their thinking and practice as they attempt to implement the program element.
Level 4: The program element is deeply embedded in the system's culture. It represents a driving force in the daily work of the system. It is so internalized that it can survive changes in key personnel.

Foundational Program Elements

Privacy Standard
The privacy standard helps to foster a culture of privacy with respect to the way Ontario school boards/authorities collect, use, disclose, secure, retain, and dispose of personal information.

Record and Information Management Framework
The record and information management framework establishes a vision, goals, objectives, principles, and practices which are guided by legislation, policies, standards, and guidelines to support effective information management in school boards.

Data and Information Management

Privacy Policy
A written declaration that spells out the details of a school board's/authority's policy on the type of personal information it collects, how it uses that information, and how the information can be shared with third parties.

Access and Control
The access and control matrices are frameworks that will guide boards in their journey to identify, inventory, understand, and manage the requirements for access to personal information and personal information banks in support of the varied roles and duties within the organization.

Data and Information Management (cont'd)

Model Classification Scheme and Retention Schedule
The model classification scheme and retention schedule is intended to provide a recommended classification methodology, legal citation table of retention periods, and recommended retention guidelines for school board/authority recorded information.

Electronic Documents and Records Management System
The electronic information landscape is growing rapidly; school boards/authorities need to consider effective ways to manage electronic documents and records.

Information Protection/Operational Control

Password Procedures
In a school board/authority environment, it is not uncommon for most employees to have multiple passwords for access to email, voice mail, computer applications, and portals. Every school board/authority should have a password strategy in place as part of the overall security strategy.

Privacy and Information Security Guidelines
School boards/authorities should have a variety of policies and/or procedures to guide the identification of areas of risk and strategies for the development of internal procedure or regulation (e.g., guidelines for working outside the office, for cross-panel sharing of student information, for the use of Privacy and Confidentiality agreements and website, for video surveillance, and for video conferencing guidelines).

Information Protection/Operational Control (cont'd)

Data Encryption
Encryption is a secure process for keeping personal and confidential information private. It is a process by which bits of data are mathematically jumbled using a password key. The encryption process makes the data unreadable unless or until decrypted.

Information Technology Equipment Hardware Disposal and Redistribution Guidelines
All school board/authority computer systems, electronic devices, and electronic storage media should be purged of sensitive personal or confidential data when it is no longer needed or before reuse of such equipment to ensure the continued protection of personal and corporate privacy.

Risk Management

Privacy Impact Assessment (PIA)
A PIA is an assessment framework used to identify the actual or potential risks that a proposed or existing information system, technology, or program may have on an individual's privacy.

Privacy Breach Protocol
The protocol is designed to help Ontario school boards/authorities contain and respond to incidents involving unauthorized disclosure of personal information.

Risk Management (cont'd)

Privacy Notification
Privacy notification statements explain how personal information will be treated as individuals interact with a school board/authority or school. These statements assure both internal and external publics that the personal and confidential information they provide will be handled appropriately.

PRIVACY AWARENESS CHECKLIST

PURPOSE

Ontario school boards/authorities should use this checklist as they feel appropriate as a means of gauging how aware staff are about protecting privacy. Staff should reflect upon their responses and act when they can. This is an awareness-enhancing exercise first.

Introduction

In accordance with the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), the Personal Health Information Protection Act (PHIPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA), all Ontario school board/authority employees are responsible for the protection of personal, confidential, and sensitive information entrusted to them. They should be aware of privacy policies, procedures, and practices. Personal information is secured and protected from unauthorized access, disclosure, and inadvertent destruction by adhering to safeguards appropriate to the sensitivity of the information.

This tool is designed to raise your level of awareness of privacy issues. Do not hesitate to contact your school board's/authority's Freedom of Information Coordinator at telephone number if you have any questions.

DO YOU FOLLOW YOUR PRIVACY POLICY AND/OR PROCEDURE?

A. Security of Personal, Confidential, or Sensitive Information (Yes / No / N/A)

1. Are all hard copies of personal, confidential, or sensitive information stored in lockable filing cabinets?
2. Have I safeguarded all electronic personal information records maintained in password-protected databases?
3. Do I refrain from storing personal, confidential, or sensitive information on a Shared Network Drive?
4. Do I immediately pick up any personal, confidential, or sensitive records sent to printer, photocopier or received by fax?
5. If I notice personal, confidential, or sensitive information left at the printer/copier/fax machines, do I immediately retrieve them and/or return them to the owner?
6. Before sending personal, confidential, or sensitive information via email, have I considered taking precautions such as removing personal information?

7. Have I considered alternatives to faxing personal, confidential, or sensitive information? If such information must be faxed, have the following precautions been taken:
   - Ensure that a fax cover sheet is used that contains contact information of both the sender and recipient with the mention "Confidential"?
   - Call the intended recipient immediately before and after sending the fax to ensure receipt and immediate pick-up?
   - Print and check a confirmation activity sheet to ensure that the fax reached its intended recipient?
   - Retrieve originals from the fax machine as soon as completed?
8. If it is necessary to take information out of the office, have all necessary precautions been taken to ensure that it is protected? Is it possible to only take non-confidential/sensitive information? If not, do I have managerial approval to take personal, confidential, or sensitive information from the workplace?
9. Are computer access rights reviewed and updated regularly to ensure that I do not have access to personal information that I do not need to perform my duties and responsibilities?
10. Am I following the procedures in place for safeguarding personal information on laptops, memory sticks, personal digital assistants (PDAs, e.g., BlackBerry devices), etc.?

Comments:

B. Limitation of Collection, Use, Retention, and Disclosure of Personal Information (Yes / No / N/A)

1. Do I need to collect, use, or disclose identifiable personal information to perform my duties and responsibilities?
2. If I need identifiable personal information, do I need to obtain the consent of the individual to whom the information relates before collecting, using or disclosing their personal information?
3. Do I limit my collection, use, or disclosure of personal information to only that which I require to perform my duties and responsibilities?
4. Is there a clear purpose for each type of personal information that I collect, use, retain, or disclose?

5. Do I provide a notice to individuals whenever their personal information is collected, e.g., on forms, surveys, websites, etc.?
6. Is all the personal information that I use or disclose utilized for the purpose for which it was collected, or for a consistent purpose?
7. Do all notices of collection that I use provide the specific purposes of collection, the legal authority for collection, and the contact information for an official who can answer questions about the purposes of collection?
8. Do I know who in my workplace is responsible for maintaining records retention schedules?
9. Do I securely dispose of (i.e., destroy or store) personal, confidential, or sensitive information in accordance with established records retention schedules?
10. Do I know when it is appropriate to destroy personal, confidential, or sensitive information? When destroying such information, do I place it in the appropriate shredding bins?
11. Am I aware that all information stored in the memory of electronic devices (e.g., personal computers, printers, photocopiers, fax machines, etc.) has to be deleted permanently prior to their removal from the office?

Comments:

C. Workstation Security (Yes / No / N/A)

1. Am I using a password-protected screen saver and is it set to turn on after five minutes of inactivity?
2. Do I always log off or sign out of applications I am not using, and close the browser window?
3. Do I always shut down my computer at the end of the day?
4. Have I positioned my monitor so that casual observers cannot view personal, confidential or sensitive information?
5. Have I adopted a clean desk model so that no personal, confidential or sensitive information or material is left unsecured at my desk?
6. Do I make a habit of checking that my desk drawers, filing cabinets, and/or door are locked when I leave for the day?

Comments:

D. Accuracy (Yes / No / N/A)

1. Am I following the procedures in place to update personal information to ensure that it is still accurate?
2. Am I following the procedures in place so that individuals can update their own personal information so that it is still accurate?
3. Am I following the procedures in place for informing third party service providers to whom personal information has been disclosed that the information has been updated?
4. Do I note on the record if individuals have disputed the accuracy of their personal information, so that subsequent users of the personal information are aware of it?

Comments:

E. Third-Party Service Providers (Yes / No / N/A)

1. When personal information is shared with, or collected, used or disclosed by a third party service provider under an arrangement with the Ontario school board/authority, am I making sure that the provider follows its own privacy policies, procedures, and practices?
2. Am I verifying that there is a written agreement in place with any third party service provider with which I am sharing personal information, or if the provider has permission to collect, use, or disclose personal information on behalf of the Ontario school board/authority?
3. If the answer to the question above is Yes, do I monitor compliance with any agreement with a third party service provider?

Comments:

F. School and Classroom (Yes / No / N/A)

1. Ontario Student Records (OSR) and Office Index Cards are securely stored in the main office of the school and are only accessible by authorized personnel in the main office of the school.
2. School staff have received training and are aware of the Ontario School Board/Authority's Privacy and Access to Information Policy.
3. Teachers' and administrators' notes and other instruction-related information about students are secured in the classroom or office in the school.

4. Information about a student(s) is shared only with other staff in the school who are assigned to work with the student(s), and only as needed to improve the education of the student(s).
5. Full names of students and other personal information and/or photographs do not appear on work displayed in the school, on websites and/or in newsletters.
6. Information related to student(s) is shared outside the classroom for educational purposes only with consent or notification of parent(s) or guardian(s).

Comments:

G. Privacy Breaches (Yes / No / N/A)

1. I am aware of my obligation to immediately report a suspected or actual privacy breach to my supervisor and the school board's/authority's Freedom of Information Coordinator.
2. I am aware of the Ontario school board/authority's Responding to a Suspected Privacy Breach protocol.

Comments:

PRIVACY STANDARD ASSESSMENT ACTIVITY

PURPOSE

Use this tool in conjunction with the Privacy Standard to assess which stage your school board/authority has achieved for each of the 10 commitments.

Commitments

Privacy commitments are based on globally recognized fair information principles and are grounded in Ontario privacy legislation.

The system has not yet begun to address the standard.
An effort has been made to address the standard, but the effort has not yet begun to impact a critical mass.
endorsed the standard. Members are beginning to modify their thinking and practice as they attempt to implement the standard.
The standard is deeply embedded in the system's culture. It represents a driving force in the daily work of the system. It is so internalized that it can survive changes in key personnel.

Accountability
Personal information under our control has designated individual(s) who are accountable for the school board's/authority's compliance with privacy legislation.

Identifying Purposes
The purposes for which personal information is collected, used, retained, and disclosed, as well as for notifying individuals, are identified at or before the time the information is collected.

Consent
The knowledge or consent of the individual is obtained for the collection, use or disclosure of personal information, except when not required by law.

Limiting Collection
The collection of personal information is limited to that which is necessary for the purposes identified by the organization. Information is collected by fair and lawful means.

Limiting Use, Disclosure and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes, or as required by law.

Accuracy
Personal information is as accurate, complete, and up-to-date as is necessary to fulfill the specified purposes for which it is to be used.

Safeguards
Personal information is protected from unauthorized access, disclosure, and inadvertent destruction by adhering to safeguards appropriate to the sensitivity of the information.

Openness
Information about policies and practices relating to the management of personal information is made readily available to the public, including breach protocol.

Individual Access
Upon request, an individual is informed of the existence, use, and disclosure of his/her personal information and is given access to that information. An individual may challenge the accuracy and completeness of the information and request that it be amended as appropriate or have a letter of objection retained on file.

Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above tenets to the designated individual(s) accountable for compliance.