SIA Privacy Code of Conduct


The Security Industry Association (SIA) Privacy Code of Conduct was designed to encourage organizations to design and implement a privacy program based on ethical principles, robust security, applicable regulations and laws and end user expectations.


Introduction

SIA believes privacy is a fundamental right. To that end, SIA asserts that the protection of personal data and privacy rights deserves the highest level of commitment from its member organizations. Privacy and security should be regarded as complementary functions within organizations of all sizes. This Privacy Code of Conduct has as its goal to encourage organizations to design and implement a privacy program based on ethical principles, robust security, applicable regulations and laws and end user expectations.

To support this commitment, SIA member companies are encouraged to protect personal data, not just as a business or compliance requirement, but on behalf of stakeholders who trust them with it. Following the principles of accountability, proportionality, reciprocity and transparency in the design of a privacy program will help organizations meet stakeholder expectations, enhance their brands and minimize the cost of mitigation and recovery should a breach occur.

SIA recommends that its member organizations:

  • Be accountable with respect to privacy practices by adhering to their privacy policies and following through on their commitment to protect personal data and privacy rights.
  • Provide stakeholders with the means to obtain straightforward and concise information about how and why their personal data is being collected, used and maintained.
  • Embrace the concept of proportionality by offering stakeholders fair and explicit privacy options when they agree to use a security product or service.
  • Support reciprocity by giving users control over their privacy preferences when Such privacy controls should be easy to use, and privacy should be the default, not an option.
  • Be transparent in presenting privacy options, practices, settings and Explain in plain language how and why personal data is being collected, used, shared, retained and disposed of.

Definitions

  • Personal data means any information that can directly or indirectly associate an individual with an identification number or with one or more factors specific to their physical, physiological, mental, economic, cultural or social identity (e.g., name, date of birth, Social Security number, physical characteristics, email address, computer ID and health-related or genetic information).
  • Proportionality means that only that personal data which is adequate and relevant for the specified use is collected and processed.
  • Reciprocity means allowing users to adjust their privacy settings to balance their privacy expectations with what they expect to receive from the sharing of personal data. It is a mutual agreement between participating individuals and service providers to accept each other’s privacy assessments.
  • Transparency means explaining in plain and direct language how and why personal data is being collected, used, shared, retained and disposed of.

* These principles are not intended to be exhaustive. They are written broadly so they may be applied in a variety of contexts. Since legislative and regulatory requirements vary by location, organizations should make themselves aware of relevant national, state and local mandates and should consult legal counsel where appropriate.

About the SIA Data Privacy Advisory Board

The SIA Data Privacy Advisory Board provides information and best practices to help SIA members handle sensitive data in a safe and secure manner to protect the personally identifiable information of their employees, partners and customers from potential breaches. The board leverages the collective expertise of industry professionals, law enforcement, security practitioners and data privacy experts to inform and educate SIA member companies about methods for mitigating the risk of data breaches.
