- Do you have the appropriate privacy policies in place to govern commercial and employee privacy and social media?
- Have you conducted in-house education programs to ensure that all employees are aware of their obligations under privacy laws and your organization’s policies?
- Have you done a reality check to make sure that your company's practices follow the commitments made in the privacy policies regarding the collection, use, storage, disclosure and disposal of personal information?
- Do you know where your personal information is stored and whether it is secure?
- Do you have passwords and other technological, physical and administrative security measures in place to protect personal information, and are they appropriate to the sensitivity of that information?
- Have you restricted access to personal information to those employees with a need to know?
- Do you have the consent of any identifiable individual whose name, likeness, image or other personal information is used in advertisements, websites and other external or promotional material?
- Do you have a response plan in place to deal with any privacy breaches, including legal, PR, IT and HR issues?
- Do you have employee rules and policies in place to govern the use and safekeeping of portable data devices as well as company-issued personal electronic devices, including laptops and smartphones?
- Have you appointed a person/office to oversee privacy compliance and deal with privacy complaints/questions?