2. Has your company sent its customers all required privacy notices containing opt-out information?
3. Can your systems--and the business processes they support--handle customer requests to prevent sharing their nonpublic information with unaffiliated third parties?
4. Do you have an audit and compliance process for the internal review of privacy requirements?
5. Have you completed an inventory of data elements and evaluated them for privacy implications pertaining to personally identifying information (such as Social Security numbers)?
6. Do you have a process in place for customers to access the personal information you collect about them and to request changes?
Find out more in Baseline's project map on
Hedging Your Bets With Cyberinsurance