Information Security Standards


Date: 02.01.2022

Privacy Standards


These standards outline the requirements of the SCO pertaining to the collection, maintenance, and dissemination of personally identifiable information.


  1. Personal information may only be obtained through lawful means.

  2. Subjects providing personal information must be informed of the title, business address, telephone number, and electronic mail address, if applicable, of the SCO official responsible for record requests.

  3. All personal information may be collected only after specifying at or prior to the time of collection the purposes for which the information is to be used. Any subsequent use of the information shall be limited to, and consistent with, the fulfillment of those purposes previously specified.

  4. Any personal information collected or maintained by the SCO may not be disclosed, made available or otherwise used for a purpose other than those specified, except with the written consent of the subject of the information, or as required by law or regulation. Written consent must be obtained not more than 30 days before the anticipated disclosure or in the time limit agreed to in the written consent. To this end, the subject of personal information should always be notified that the SCO might use their private information to contact them for the purposes of receiving their written consent.

  5. Personal information shall only be collected where it is relevant to the purposes for which it is needed.

  6. To the greatest extent practicable, personal information shall be obtained directly from the individual who is the subject of the information rather than from another source.

  7. The general means by which personal information is protected against loss, unauthorized access, use, modification, or disclosure shall be posted, unless the disclosure of the general means would compromise legitimate SCO security objectives or law enforcement purposes.

REMINDER: All hardcopy and electronic documentation regarding SCO production systems and information related to the implementation and configuration of information security controls and safeguards, and vulnerability information (including security incident information), is classified as “confidential”, and should not be disclosed.

  1. Subjects providing personal information should be reminded that any information they submit may become a public record once submitted, and it may be subjected to public inspection and copying if not otherwise protected by federal or state law.



  1. Personal information shall never be distributed or sold to any third party without the permission of the subject providing such information except as prescribed by law.

  2. Access to personal information by individuals or systems must be limited to those customers, business partners, contractors, or entities specifically authorized by the Division Chief or their designated Information Security Coordinator to access that information in accordance with all relevant statutes and requirements.

Additional special privacy protections for minors:

  1. Personal information shall never be requested from or accepted from a minor without the written consent of a parent or guardian.

  2. Minors (people under the age of 18) are not eligible to use any SCO service that requires the submission of private information without their parent’s or guardian’s consent.

  3. Personal information pertaining to minors will never be provided to third parties.

  4. Minors should be advised to seek the consent of their parents or guardians for guidance on this matter.


