harris 160217 8 chapter 10 legal regulations


type of rules. The seven core principles defined by the OECD are as follows:

ch10.indd 854 12/4/2009 11:39:06 AM All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 Chapter 10: Legal, Regulations, Compliance, and Investigations 855

• Collection of personal data should be limited, obtained by lawful and fair means, and with the knowledge of the subject.
• Personal data should be kept complete and current, and be relevant to the purposes for which it is being used.
• Subjects should be notified of the reason for the collection of their personal information at the time that it is collected, and organizations should only use it for that stated purpose.
• Only with the consent of the subject or by the authority of law should personal data be disclosed, made available, or used for purposes other than those previously stated.
• Reasonable safeguards should be put in place to protect personal data against risks such as loss, unauthorized access, modification, and disclosure.
• Developments, practices, and policies regarding personal data should be openly communicated. In addition, subjects should be able to easily establish the existence and nature of personal data, its use, and the identity and usual residence of the organization in possession of that data.
• Subjects should be able to find out whether an organization has their personal information and what that information is, to correct erroneous data, and to challenge denied requests to do so.
• Organizations should be accountable for complying with measures that support the previous principles.

NOTE Information on OECD Guidelines can be found at www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html.

Although the OECD is a great start, we still have a long way to go to standardize how cybercrime is dealt with internationally.
Organizations that are not aware of and/or do not follow these types of rules and guidelines can be fined and sued, their business can be disrupted, or they can go out of business. If your company i...
