  • CAN-SPAM Compliance

    Tag: Malicious email

    Requirements for businesses and/or people who are soliciting services or products via commercial mail to potential consumers

    start checklist
  • Purse or wallet lost, stolen or missing

    Tag: Confidential information

    If your wallet or purse is stolen or if you left it somewhere and now it’s gone, there are several steps you should take to make sure your information is safe and secure.

    start checklist
  • Stop Smartphones from Listening

    Tag: Alexa

    Many smartphone users are unaware that their phone is capable of listening to conversations, even when the screen is turned off. Some apps can mysteriously turn on the microphone function and target conversations and noise in the background to produce targeted ads. It is possible to mitigate this issue and thus reduce the risk of passive listening. Here are a few steps to help keep conversations private and out of the hands of apps and advertising companies.

    start checklist
  • Privacy Impact Assessment - Seattle

    Tag: Privacy assessment

    Adapted with permission from City of Seattle's Privacy Impact Assessment template

    start checklist
  • Preventing location tracking

    Tag: Mobile devices

    Ways consumers can control, or protect against, location data collection

    start checklist
  • Cyber incident Response Checklist - DES

    Tag: Data security

    Help for state agencies dealing with a cybersecurity incident. Private citizens will likely find “So You Think You’ve Been Hacked” more useful.

    start checklist
  • Getting Started with Data.wa.gov

    Tag: Open data

    start checklist
  • Data Governance Rubric - Public Schools

    Tag: Governance

    This rubric, adapted from the manual from Washington State's Superintendent of Public Instruction, is meant for use by a third-party coach or reviewer.

    start checklist
  • Data Mapping

    Tag: Records

    How to do an electronic records inventory or "data map"

    start checklist
  • Electronic Records Leading Practices

    Tag: Records

    Leading practices for managing electronic records, identified by the WA State Archives

    start checklist
  • Determining Whether There is a Data Breach Checklist

    Tag: Personal information (PI)

    Breaches are becoming more common because of the collection and storage of mass amounts of data.

    start checklist
  • Using Overt Video Surveillance in Washington

    Tag: surveillance

    Installing surveillance equipment may seem like a logical decision for your organization, but collection and use of personal information through video surveillance may violate privacy law and could lead to other costly liabilities.

    start checklist
  • Threat modeling

    Tag: Threat modeling

    Threat modeling is an approach for analyzing the security of an application.

    start checklist
  • Risk Assessment When a Breach has Occurred

    Tag: Data breach

    Now that you have discovered that a breach occurred, what do you do?

    start checklist
  • So you think you’ve been hacked - What Now?

    Tag: Hacking

    Computer attacks are part of modern life. While we can all fall victim to malicious hackers, it is the elderly and novice computer users who are most frequently targeted.

    start checklist
  • Publishing Open Data

    Tag: Open Data Champion

    Open data is the concept that some data should be freely available for everyone to use and republish.

    start checklist
  • Privacy By Design

    Tag: Design

    Privacy by Design is the concept that privacy measures and considerations are built in throughout the entire process / product development lifecycle.

    start checklist
  • Phishing scams

    Tag: Phish / variations thereof

    Phishing scams are one of the most common forms of security breaches for individuals as well as organizations because these scams rely on human error.

    start checklist
  • Multi-factor authentication

    Tag: MFA

    Multi-Factor Authentication (MFA) is a multi-step login process that provides an extra layer of security by requiring an additional factor (or factors) to be provided in the authentication process.

    start checklist
  • Internet of Things Consumer Privacy Checklist

    Tag: IoT

    The "Internet of Things" or IoT for short, has taken the marketplace - and our homes - in force. But when someone refers to the IoT what exactly do they mean, and just how pervasive are these devices?

    start checklist
  • Hacking prevention measures

    Tag: Computer backup

    You can take easy and inexpensive steps to mitigate your chances of being hacked. The following guidance provides an overview of some easy - and cost-effective - measures you can implement by yourself.

    start checklist
  • GDPR Compliance for Small Businesses: What You Need to Know

    Tag: GDPR

    The GDPR will apply to small businesses located in the US because the internet creates a global marketplace.

    start checklist
  • Ensuring Genomic Privacy Checklist

    Tag: Human Genome

    Privacy and data security are huge concerns for consumers with today's extensive use of technology for acquisition and storage of information.

    start checklist
  • Drone Policy Checklist

    Tag: Drone

    The advent and the potential widespread use of drones has raised many complex questions in Washington State, resulting in different legislative proposals to regulate the use of drones — unmanned aerial vehicles — by state agencies and programs.

    start checklist
  • Data Storage Procedures

    Tag: Contractor

    The overriding goal of Data Minimization is to share only the minimum amount of data necessary for the minimum amount of time to accomplish your goals.

    start checklist
  • Data Sharing

    Tag: Informed consent

    Although not all organizations rely on data sharing as a core process in their business models, most organizations need to share some amount of personal information to operate efficiently. For example, data is often shared with third parties who supply tools for HR processes.

    start checklist
  • Data Minimization

    Tag: Privacy assessment

    Today, many organizations believe that the more data you have the more valuable it is. However, the over-collection of personal information can dramatically increase the potential harm to individuals in case of a data breach. In addition, collecting unnecessary or indirect information that is loosely tied to a purpose is increasingly viewed as exceeding the scope of consent.

    start checklist
  • Data Destruction Procedures

    Tag: Data destruction

    The following are acceptable destruction methods for various types of media. At least one method defined under the various types of media must be used to destroy any data that you deem confidential or sensitive for that media type.

    start checklist
  • Creating a Data Security Plan

    Tag: Data map

    Organizations sometimes wonder about the relationship between privacy and security. In some settings, good security may be viewed as conflicting with good privacy, especially when surveillance measures are required.

    start checklist
  • Classifying Data

    Tag: Public data

    Under State Technology Policy 141.10, Agencies must classify data into categories based on the sensitivity of the data. This checklist helps Agencies determine what type of data they are collecting and the proper handling of that data.

    start checklist
  • Privacy in Internet-Connected Toys

    Tag: Internet of Toys

    Many of the devices we buy are now connected to the internet in some fashion; we call these devices the Internet of Things, or IoT for short. But there is a new type of IoT device on the market: children's toys, which are giving IoT a new meaning.

    start checklist
  • How to Approach Bring Your Own Device (BYOD)

    Tag: Monitoring system

    BYOD stands for “Bring Your Own Device,” which refers to employees bringing their own mobile, tablet, laptop, or other computer devices to work. As personal smartphones are ubiquitous in our lives, many employees expect to use personal smartphones and mobile devices at work.

    start checklist
  • Agency GDPR Checklist

    Tag: GDPR

    While it is most likely Agencies will not come under GDPR scrutiny, it is still important to know the risks and how to avoid them. This checklist provides a quick primer on issues that will open an agency to GDPR violations and how to avoid those pitfalls.

    start checklist
  • Acceptable use policy

    Tag: Training policy

    Computer use is ubiquitous in state government and agencies. Having strong acceptable use policies can help protect against the significant security, privacy, and other threats to an organization. It is recommended that every organization have an acceptable use policy for computers, tablets, phones, and other mobile devices, whether they are owned by the organization or privately by the employees themselves and brought to work.

    start checklist

The Office of Privacy and Data Protection is also the sponsor for “Privacy Modeling,” a web application that identifies the privacy laws relevant to the product or service you wish to create.

Go to Privacy Modeling App
