The Privacy and Data Protection Policy sets forth minimum standards for the collection, access, use, disclosure, disposal, safeguarding and other handling of certain nonpublic identifiable information on current, former, and prospective employees, clients and other third parties that the Company keeps or uses for business purposes. Such information is referred to as “Protected Information”.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. MINIMUM STANDARDS
4. PROTECTED INFORMATION
5. COMPLYING WITH THIS POLICY AND OTHER PRIVACY AND DATA PROTECTION STANDARDS
6. COLLECTING AND ACCESSING PROTECTED INFORMATION FOR LEGITIMATE BUSINESS PURPOSES
7. CORRECTING AND UPDATING PROTECTED INFORMATION
8. APPROPRIATE ADMINISTRATIVE, PHYSICAL AND TECHNICAL SAFEGUARDS
9. DISCLOSING PROTECTED INFORMATION ON A “NEED-TO-KNOW”BASIS
10. ACCESSING / TRANSFERRING PROTECTED INFORMATION INTERNATIONALLY
11. RESPONDING TO SUSPECTED AND CONFIRMED BREACHES TO PROTECTED INFORMATION OR TO SYSTEMS CONTAINING PROTECTED INFORMATION
12. HOLDING SERVICE PROVIDERS TO COMPARABLE PRIVACY AND DATA PROTECTION STANDARDS
13. PERIODIC REVIEWS OF COMPLIANCE WITH PRIVACY AND DATA PROTECTION STANDARDS
15. FINAL CONSIDERATIONS
15.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
15.2 DOCUMENT REVISION
The Records Management Policy outlines the principles and minimum standards for Record creation, classification, retention and destruction within the Company and its subsidiaries, affiliates, branches and representative offices.
The objectives of the Review, Retention and Supervision of Electronic Communications Policy are to set forth the Company’s restrictions and requirements regarding electronic communications, including but not limited to e-mail, instant messaging, text messaging and SMS messages.