 
| Sender: |
|
| Date: |
Tue, 4 Jul 2006 09:42:51 +0100 |
| Reply-To: |
|
| Subject: |
|
| MIME-Version: |
1.0 |
| Content-Transfer-Encoding: |
8bit |
| In-Reply-To: |
|
| Content-Type: |
text/plain; charset="us-ascii" |
| From: |
|
| Parts/Attachments: |
|
|
http://www.ico.gov.uk/eventual.aspx
Hi
I don't think you have anything similar to the Data Protection Act in
the States but this link may give you some useful insights into what may
be deemed confidential. This includes what occurs in documents and
databases too.
******************************
Jane Evans
Information Governance & Evaluation Manager
Information Team
Screening Services
18 Cathedral Road
Cardiff
CF11 9LJ
Tel: 029 2078 7818
WHTN: 1670 7818
Fax: 029 2078 7900
email: [log in to unmask]
******************************
-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On
Behalf Of Piotrowski, Charles
Sent: 29 June 2006 18:01
To: [log in to unmask]
Subject: An Now Back to Our Original Program: RIM
Hi folks,
I have been assigned the task of drafting a definition of "Confidential
and Sensitive Information" to be used in a corporate policy (bumping it
up from an "Information Asset Management (IAM) Guideline").
To give you some context we, CVPS, are a private electric utility
operated in the public interest (not a gov't agency) traded on the NYSE
as well as regulated by our state's Public Service Board et al. We don't
have nukes.
We have a tradition of being more cautious and secure than state and
federal law requires when it comes to personal identity info and other
"confidential and sensitive" info. In our IAM guidelines we define
"confidential and sensitive info" as:
1. Personal names in combination with:
a. Home address
b. Home phone number
c. Social Security Number
d. Drivers license or state identification number
2. Medical information
3. Credit card information
4. Bank account information
5. Employee Performance Reviews
6. Company sensitive business information such as, but not limited to:
6a. Maps, charts and diagrams that detail operations at a level
that could be used to aid in the disruption or hindering of CVPS's
ability to deliver electricity, or otherwise conduct business
b. Financial statements that may reveal or cause financial harm to
CVPS or its employees.
7. Sensitive or confidential information from or about other businesses
given to CV in confidence
8. Salary and compensation information
9. Employee or customer information that may be sensitive in some other
manner
10. If you are not sure, error on the side of caution and assume it is.
I am set on having the 1-10 as a baseline, (you can ask particulars as
you see fit), but I was wondering what I have missed. Please be as
picayune as possible, but remember my goal is for a corporate policy...
As always, thanks for the help....
Chuck Piotrowski
CVPS
www.cvps.com
This computer runs on Cow Power!
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|
|
|
