DATA GOVERNANCE AND SECURITY Archives - Findings

How does company store or retain personal information, and how does the company determine when such data needs to be destroyed?

How does company store or retain personal information, and how does the company determine when such data needs to be destroyed?

Please describe how company destroys personal information

Please describe how company destroys personal information

Does the company have a policy on secure deletion of archived or backed-up data?

Does the company have a policy on secure deletion of archived or backed-up data?

What process is in place, if any, for assessing the potential privacy and data protection risks that may be associated with a new type of processing activity?

What process is in place, if any, for assessing the potential privacy and data protection risks that may be associated with a new type of processing activity?

Is personal information retained or deleted in accordance with a data retention policy?

Is personal information retained or deleted in accordance with a data retention policy?

Please provide a copy of that policy

Please provide a copy of that policy

Does company have a security breach or incident response plan?

Does company have a security breach or incident response plan?

Please provide a copy of the plan and any breach reports, audits, and assessments

Please provide a copy of the plan and any breach reports, audits, and assessments

Does the company have a data inventory or other type of information governance program?

Does the company have a data inventory or other type of information governance program?