Page 19 - Privacy_Program
P. 19
PRIVACY POLICIES [DP111]
Back to Table of Contents
Scope: Enterprise
Distribution: Executive Leadership Team; Director of Information Technology, Privacy and Data Security
Purpose: To document the Privacy Steering Committee’s direction with regard to information privacy.
External Regulation or Standard: GAPP Principle 1: Management
Who is Responsible Statement Policy, Standard, or Procedure Statement
Number
Director of Information DP111.1 The Director of Information Technology, Privacy and Data Security will
Technology, Privacy and maintain the organization's information‐privacy documentation in a way that
Data Security is up to date and easily accessible by the organization.
Director of Information DP111.2 The organization's privacy policies will be organized according to the Generally
Technology, Privacy and Accepted Privacy Principles framework, HIPAA Privacy Rule, Minnesota
Data Security Government Data Practices Act, and other applicable regulations and
standards.
Director of Information DP111.3 The organization will retain the most recent version of its information‐privacy
Technology, Privacy and policies if they are in effect, plus an additional year.
Data Security
Director of Information DP111.4 The Director of Information Technology, Privacy and Data Security will
Technology, Privacy and administer policy waivers and exceptions, consulting the Privacy Steering
Data Security Committee as appropriate.
Director of Information DP111.5 The Director of Information Technology, Privacy and Data Security will initiate
Technology, Privacy and an annual review of the organization's information‐privacy policies to
Data Security determine and propose to the Privacy Steering Committee if new risks or
compliance obligations merit policy changes or additions.
GES CONFIDENTIAL 19
