Professional Documents
Culture Documents
Transmission of PII Procedure
Transmission of PII Procedure
1. Scope
All transmission of personally identifiable information (PII) by electronic means is subject to this procedure.
PII transfers and disclosures to other legal jurisdictions are further controlled under the International PII
Transfers Procedure.
2. Responsibilities
are responsible for agreeing the terms of transmissions with partners and suppliers.
The Management System Owner (MSO) is responsible for reviewing logs of PII transmission.
The Data Protection Officer is responsible for validating that privacy impact assessments (PIAs) account for
transmission of PII and the mechanisms used.
3. Procedure
3.2 The PII to be transmitted and the schedule for doing so is determined by each processing activity, and is
thus subject to PIA (Privacy Impact Assessment Procedure).
3.3 Contracts with partners, suppliers and customers set out the PII that will be transmitted, the mechanism
by which it will be transmitted and the frequency of any such transmissions.
G42
Classification_1,Classification_2,Classification_3,Classification_4
This document contains material that is distributed under licence from IT Governance Publishing Ltd.
3.5 PII transmitted is encrypted in accordance with the Information Security and Privacy Classification
Guidelines.
3.8 G42 limits access to transmission systems on the basis of least privilege – only those with a confirmed
need to use transmission systems are permitted access.
3.8.1
The Management System Owner (MSO) is the owner of this document and is responsible for ensuring that it
is reviewed in line with the requirements of the management system.
Its approval status can be viewed in the Master List of Document Approval.
G42
Classification_1,Classification_2,Classification_3,Classification_4
This document contains material that is distributed under licence from IT Governance Publishing Ltd.