We received this update from i-SIGMA and we are sharing this with you.
While NAID AAA and PRISM Privacy+ Certified service providers will receive a more detailed official written orientation on November 16, for purposes of this initial notification, there are essentially four modifications, all of which apply to policies and procedures.
- Breach Notification Timeframe: Service Providers will modify their policies and procedures to state that the client (data controller) will be notified immediately after the service provider establishes that a data security breach has occurred. This change was made to comply with changes in data breach notification regulations.
- Data Subject Response Policy: Service providers will be required to acknowledge they will respond in a reasonable manner to data subjects (clients of their clients) making a request for information about how their confidential materials are processed and/or the nature of any personal information the service provider may have on the data subject making the request. This too is a result of regulatory requirements. While it is not anticipated that many such requests will be made, the one thing regulators will not allow is for such requests to be ignored. Advice on safe approaches to policy language will be provided to NAID AAA and PRISM Privacy+ Certified service providers.
- Photographic/Electronic Equipment Use Policy Requirement: Certified service providers will be required to have a written policy related to employees' use of personal and company photographic and electronic equipment. Again, samples of such policy language will be provided.
- Vehicle Security: Certified service providers will be required to demonstrate a procedure for establishing the location of service vehicles en route. While GPS tracking is a technological solution (on trucks or handhelds), advice to certified members will include acceptable administrative procedures.
Effective Date/Enforcement: The effective date for the changes is January 1, 2021, at which point i-SIGMA Auditors will identify non-compliance. Between January and March, non-compliance with these requirements may be remedied after the fact.
Document Destruction, Cincinnati, Dayton, Lexington KY and Richmond IN Paper Shredding service is a company that understands the importance of organization in the workplace. Serving both residential properties and commercial businesses, Document Destruction is ready to partner with you to help you and your business achieve optimal organization.