DHP3003 : Data Handling Protocol 3003
DHP3003 forms a core standard for IC9700 and is regulated by Data Trust.
It verifies and certifies that an organization complies with the following standards in relation to collection and destruction of data.
The collection and storage of customer data is one of the most important aspects of any business. The DHP protocol is designed to deal with data over its life cycle, from its creation and validation, to its storage and then its eventual destruction.
This standard was developed, and is in part regulated, by Data Trust.
- A Company will do the following:
  - Notify a user whenever it collects personally identifiable data.
  - Have a comprehensive online privacy policy to notify the customer of data collection and use.
  - Recognise that personally identifiable and financial data is more critical to the user than site statistics, and therefore keep it in a more secure area.
  - Inform users of the purpose of the information collected.
  - Inform users whether or not information will be shared with other companies and/or organizations.
  - Notify the user of the use of persistent identifiers (Web Cookies) placed on their system by the Company web site.
- A Company must not send unsolicited communications resulting from providing information on their site.
- A Company shall not collect personally identifiable data from any persons under the age of 13.
- A Company must provide the user with the opportunity to opt out of any mailing list that the user has joined.
- A Company must make clear whether the user has access to the personally identifiable information that has been gathered to review and correct if needed.
- A Company shall delete/destroy personally identifiable data about a user upon formal request by the user to do so.
- Upon the termination of the company, all financial data held by the company that will be of no further use to the relevant authorities or liquidators must be comprehensively destroyed.