Criterion: Privacy
Requirements for protecting personal information and privacy
Full Description
D6. Privacy
Code 8.0
Participants shall commit to protecting the reasonable privacy expectations of personal information of everyone they do business with, including suppliers, customers, consumers, and employees. Participants shall comply with privacy and information security laws and regulatory requirements when personal information is collected, stored, processed, transmitted, and shared.
Elements to Demonstrate Compliance with the RBA Code
1. Policy
Ensure the facility's ethics and/or privacy policy includes the following:
- a. Preventing unauthorized disclosure of personal information
2. Procedures & Practices
Procedures & Practices are in place such that:
- a. No personal information is viewable by anyone who is not authorized to see it.
- b. Information is collected, stored, processed, transmitted, or shared only after the individual has given their approval (or as otherwise provided by local law).
3. Controls & Monitoring
Controls & Monitoring should include:
- a. Safeguards are in place to prevent unauthorized disclosure of personal information.
- b. Monitoring procedures related to the protection of personal information are in place.
4. Serious conditions that will result in a severe finding
- Personal information is collected, stored, processed, transmitted, or shared without the individual's prior and ongoing approval.
Profiles using this criterion
RBA Assessment Program
- VAP Full Assessment | 8.0.2
- VAP Full Assessment | 8.0.1
Conformity Alignment
Priority
Pass: No
Definition: "Critical non-conformance requiring immediate action"
Remediation: 30 days
Major
Pass: No
Definition: "Significant non-conformance requiring corrective action"
Remediation: 90 days
Minor
Pass: Yes
Definition: "Non-conformance with limited impact"
Conditions: Corrective action plan required
Remediation: 180 days
Opportunity
Pass: Yes
Definition: "Opportunity for improvement identified"
Conformance
Pass: Yes
Definition: "Full conformance with criterion requirements"
Related Criterion
VAP: Intellectual Property
Relationship: Related
Protection of confidential information
VAP: Protection of Identity and Non-Retaliation
Relationship: Related
Protection of personal identity
VAP: Ethics Management System
Relationship: Parent
Management system for ethics practices
Change Log
1.0.0 (2024-01-01)
Initial release.