This is a sample information technology security roles and responsibilities policy.
This is a sample information technology data classification and handling policy.
This sample privacy impact assessment is a tool that can help businesses to identify the privacy (personal information) risks associated with a particular product, service, project, or other activity.
This sample outlines the key concepts and recommended practices for creation of a Data Security Policy - a key component of managing sensitive information.
This is a list of some basic action items to consider, given the widespread and ongoing impact of WannaCry ransomware, along with the likelihood of spin-off ransomware coming in the near future.
This Wisdom of the Crowd (ACC member discussion) is compiled from questions and responses posted by the IT, Privacy and eCommerce Network on their Forum. It addresses the use of indemnification provisions in Business Association Agreements (BAAs) in the United States.
The purpose of this Guidebook is to help the law departments of life sciences and medical devices industry, their affiliates and business associates, clinical researchers (CROs), and third-party vendors focus on the cybersecurity and IP asset protection issues in an accessible and practical way.
This Wisdom of the Crowd, compiled from questions and responses posted on the IT, Privacy, and eCommerce Forum, addresses whether the transfer of business contact "personal" data is subject to data privacy protections under European Union (EU) Law.
This white paper explores the reasons that defensible disposition programs stall out, and outlines several strategies to help organizations “push the delete button” with confidence.