type of rules.
All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 / Chapter 10: Legal, Regulations, Compliance, and Investigations
The seven core principles defined by the OECD are as follows:
• Collection of personal data should be limited, obtained by lawful and fair means, and with the knowledge of the subject.
• Personal data should be kept complete and current, and be relevant to the purposes for which it is being used.
• Subjects should be notified of the reason for the collection of their personal information at the time that it is collected, and organizations should only use it for that stated purpose.
• Only with the consent of the subject or by the authority of law should personal data be disclosed, made available, or used for purposes other than those previously stated.
• Reasonable safeguards should be put in place to protect personal data against risks such as loss, unauthorized access, modification, and disclosure.
• Developments, practices, and policies regarding personal data should be openly communicated. In addition, subjects should be able to easily establish the existence and nature of personal data, its use, and the identity and usual residence of the organization in possession of that data.
• Subjects should be able to find out whether an organization has their personal information and what that information is, to correct erroneous data, and to challenge denied requests to do so.
• Organizations should be accountable for complying with measures that support the previous principles.
NOTE Information on the OECD Guidelines can be found at www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html.

Although the OECD is a great start, we still have a long way to go to standardize how cybercrime is dealt with internationally.
Organizations that are not aware of and/or do not follow these types of rules and guidelines can be fined and sued, their business can be disrupted, or they can go out of business. If your company i...