| |
Privacy Policy and
Compliance
OECD Guidelines on the Protection of Privacy and Transborder Flows
of Personal Data
The development of
automatic data
processing, which enables vast quantities of data to be
transmitted within seconds across national frontiers, and indeed
across continents, has made it necessary to consider privacy
protection in relation to personal data.
Privacy protection laws have been
introduced, or will be introduced shortly, in approximately one
half of OECD Member countries (Austria, Canada, Denmark, France,
Germany, Luxembourg, Norway, Sweden and the United States have
passed legislation.
Belgium, Iceland, the Netherlands, Spain and Switzerland have
prepared draft bills) to prevent what are considered to be
violations of fundamental human rights, such as the unlawful
storage of personal data, the storage of inaccurate personal data,
or the abuse or unauthorised disclosure of such data.
On the other hand, there is a danger that disparities in national
legislations could hamper the free flow of personal data across
frontiers; these flows have greatly increased in recent years and
are bound to grow further with the widespread introduction of new
computer and communications technology. Restrictions on these
flows could cause serious disruption in important sectors of the
economy, such as banking and insurance.
For this reason OECD Member countries considered it necessary to
develop Guidelines which would help to harmonise national privacy
legislation and, while upholding such human rights, would at the
same time prevent interruptions in international flows of data.
They represent a consensus on basic principles which can be built
into existing national legislation, or serve as a basis for
legislation in those countries which do not yet have it.
The Guidelines, in the form of a Recommendation by the Council of
the OECD, were developed by a group of government experts under the
chairmanship of The Hon. Mr. Justice M.D. Kirby, Chairman of the
Australian Law Reform Commission.
The Recommendation was
adopted and became applicable on 23rd September, 1980.
The
Guidelines are accompanied by an Explanatory Memorandum intended to
provide information on the discussion and reasoning underlining
their formulation.
Every Monday
Top 10 risk and
compliance management related news stories and world events
Do you want to receive every Monday the Top 10
risk and compliance
management related news stories and
world events that (for better or
for worse) shaped the week's agenda, and what is next?
You
may submit the form that follows. We meet strict national and
international privacy standards. You can unsubscribe at any time.
RECOMMENDATION OF THE COUNCIL CONCERNING GUIDELINES GOVERNING THE
PROTECTION OF PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA (23rd
September, 1980)
THE COUNCIL,
Having regard to articles 1(c), 3(a) and 5(b) of the Convention on
the Organisation for Economic Co-operation and Development of 14th
December, 1960
RECOGNISING:
that, although national laws and policies may differ, Member
countries have a common interest
in protecting privacy and
individual liberties, and in reconciling fundamental but competing
values such as privacy and the free flow of information;
that
automatic processing and transborder flows of personal data create
new forms of relationships among countries and require the
development of compatible rules and practices;
that transborder
flows of personal data contribute to economic and social
development;
that domestic legislation concerning privacy
protection and transborder flows of personal data may hinder such
transborder flows;
Determined to advance the free flow of
information between Member countries and to avoid the creation of
unjustified obstacles to the development of economic and social
relations among Member countries;
RECOMMENDS:
That Member countries take into account in
their domestic legislation the principles concerning the protection
of privacy and individual liberties set forth in the Guidelines
contained in the Annex to this Recommendation which is an integral
part thereof;
That Member countries endeavour to remove or
avoid creating, in the name of privacy protection, unjustified
obstacles to transborder flows of personal data;
That Member
countries co-operate in the implementation of the Guidelines set
forth in the Annex;
That Member countries agree as soon as
possible on specific procedures of consultation and co-operation for
the application of these Guidelines.
Annex to the
Recommendation of the Council of 23rd September 1980
GUIDELINES GOVERNING THE PROTECTION OF
PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA PART ONE.
GENERAL
DEFINITIONS.
1. For the purposes of these Guidelines:
a) "data controller" means a party who, according to domestic
law, is competent to decide about the contents and use of personal
data regardless of whether or not such data are collected, stored,
processed or disseminated by that party or by an agent on its
behalf;
b) "personal data" means any information relating to
an identified or identifiable individual (data subject);
c)
"transborder flows of personal data" means movements of personal
data across national borders.
Scope of Guidelines
2.
These Guidelines apply to personal data, whether in the public or
private sectors, which, because of the manner in which they are
processed, or because of their nature or the context in which they
are used, pose a danger to privacy and individual liberties.
3. These Guidelines should not be interpreted as preventing:
a) the application, to different categories of personal data, of
different protective measures depending upon their nature and the
context in which they are collected, stored, processed or
disseminated;
b) the exclusion from the application of the
Guidelines of personal data which obviously do not contain any risk
to privacy and individual liberties; or
c) the application of
the Guidelines only to automatic processing of personal data.
4. Exceptions to the Principles contained in Parts Two and Three
of these Guidelines, including those relating to national
sovereignty, national security and public policy ("ordre public"),
should be:
a) as few as possible, and
b) made known to
the public.
5 . In the particular case of Federal countries
the observance of these Guidelines may be affected by the division
of powers in the Federation.
6. These Guidelines should be
regarded as minimum standards which are capable of being
supplemented by additional measures for the protection of privacy
and individual liberties.
BASIC
PRINCIPLES OF NATIONAL APPLICATION.
Collection
Limitation Principle
7. There should be limits to the
collection of personal data and any such data should be obtained by
lawful and fair means and, where appropriate, with the knowledge or
consent of the data subject.
Data Quality Principle
8.
Personal data should be relevant to the purposes for which they are
to be used, and, to the extent necessary for those purposes, should
be accurate, complete and kept up-to-date.
Purpose Specification
Principle
9. The purposes for which personal data are
collected should be specified not later than at the time of data
collection and the subsequent use limited to the fulfilment of those
purposes or such others as are not incompatible with those purposes
and as are specified on each occasion of change of purpose.
Use
Limitation Principle
10. Personal data should not be
disclosed, made available or otherwise used for purposes other than
those specified in accordance with Paragraph 9 except:
a)
with the consent of the data subject; or
b) by the authority
of law.
Security Safeguards
Principle
11. Personal data should be protected by
reasonable security safeguards against such risks as loss or
unauthorised access, destruction, use, modification or disclosure of
data.
Openness Principle
12. There should be a general
policy of openness about developments, practices and policies with
respect to personal data. Means should be readily available of
establishing the existence and nature of personal data, and the main
purposes of their use, as well as the identity and usual residence
of the data controller.
Individual
Participation Principle
13. An individual should have
the right:
a) to obtain from a data controller, or otherwise,
confirmation of whether or not the data controller has data relating
to him;
b) to have communicated to him, data relating to him
within a reasonable time;
at a charge, if any, that is not
excessive;
in a reasonable manner; and
in a form that is
readily intelligible to him;
c) to be given reasons if a
request made under subparagraphs(a) and (b) is denied, and to be
able to challenge such denial; and
d) to challenge data
relating to him and, if the challenge is successful to have the data
erased, rectified, completed or amended.
Accountability Principle
14. A data controller should be accountable for complying with
measures which give effect to the principles stated above.
BASIC PRINCIPLES OF INTERNATIONAL
APPLICATION: FREE FLOW AND LEGITIMATE RESTRICTIONS
15.
Member countries should take into consideration the implications for
other Member countries of domestic processing and re-export of
personal data.
16. Member countries should take all
reasonable and appropriate steps to ensure that transborder flows of
personal data, including transit through a Member country, are
uninterrupted and secure.
17. A Member country should refrain
from restricting transborder flows of personal data between itself
and another Member country except where the latter does not yet
substantially observe these Guidelines or where the re-export of
such data would circumvent its domestic privacy legislation. A
Member country may also impose restrictions in respect of certain
categories of personal data for which its domestic privacy
legislation includes specific regulations in view of the nature of
those data and for which the other Member country provides no
equivalent protection.
18. Member countries should avoid
developing laws, policies and practices in the name of the
protection of privacy and individual liberties, which would create
obstacles to transborder flows of personal data that would exceed
requirements for such protection.
NATIONAL IMPLEMENTATION
19. In implementing
domestically the principles set forth in Parts Two and Three, Member
countries should establish legal, administrative or other procedures
or institutions for the protection of privacy and individual
liberties in respect of personal data. Member countries should in
particular endeavour to:
a) adopt appropriate domestic
legislation;
b) encourage and support self-regulation,
whether in the form of codes of conduct or otherwise;
c)
provide for reasonable means for individuals to exercise their
rights;
d) provide for adequate sanctions and remedies in
case of failures to comply with measures which implement the
principles set forth in Parts Two and Three; and
e) ensure
that there is no unfair discrimination against data subjects.
INTERNATIONAL CO-OPERATION
20. Member countries should, where requested, make known to
other Member countries details of the observance of the principles
set forth in these Guidelines. Member countries should also ensure
that procedures for transborder flows of personal data and for the
protection of privacy and individual liberties are simple and
compatible with those of other Member countries which comply with
these Guidelines.
21. Member countries should establish
procedures to facilitate:
information exchange related to these
Guidelines, and
mutual assistance in the procedural and
investigative matters involved.
22. Member countries should
work towards the development of principles, domestic and
international, to govern the applicable law in the case of
transborder flows of personal data.
EXPLANATORY MEMORANDUM: INTRODUCTION
A feature of OECD Member countries over the past decade has been
the development of laws for the protection of privacy. These laws
have tended to assume different forms in different countries, and in
many countries are still in the process of being developed. The
disparities in legislation may create obstacles to the free flow of
information between countries.
Such flows have greatly
increased in recent years and are bound to continue to grow as a
result of the introduction of new computer and communication
technology.
The OECD, which had been active in this field for
some years past, decided to address the problems of diverging
national legislation and in 1978 instructed a Group of Experts to
develop Guidelines on basic rules governing the transborder flow and
the protection of personal data and privacy, in order to facilitate
the harmonization of national legislation.
The Group has
now completed its work.
The Guidelines are broad in nature
and reflect the debate and legislative work which has been going on
for several years in Member countries. The Expert Group which
prepared the Guidelines has considered it essential to issue an
accompanying Explanatory Memorandum.
Its purpose is to
explain and elaborate the Guidelines and the basic problems of
protection of privacy and individual liberties. It draws attention
to key issues that have emerged in the discussion of the Guidelines
and spells out the reasons for the choice of particular solutions.
The first part of the Memorandum provides general background
information on the area of concern as perceived in Member countries.
It explains the need for international action and
summarises the work carried out so far by the OECD and certain other
international organisations. It concludes with a list of the main
problems encountered by the Expert Group in its work.
Part
Two has two subsections. The first contains comments on certain
general features of the Guidelines, the second detailed comments on
individual paragraphs.
This Memorandum is an information
document, prepared to explain and describe generally the work of the
Expert Group. It is subordinate to the Guidelines themselves.
It cannot vary the meaning of the Guidelines but is supplied to help
in their interpretation and application.
GENERAL BACKGROUND
The Problems
1. The 1970s may be described as a period of intensified
investigative and legislative activities concerning the protection
of privacy with respect to the collection and use of personal data.
Numerous official reports show that the problems are taken
seriously at the political level and at the same time that the task
of balancing opposing interests is delicate and unlikely to be
accomplished once and for all.
Public interest has tended
to focus on the risks and implications associated with the
computerised processing of personal data and some countries have
chosen to enact statutes which deal exclusively with computers and
computer-supported activities.
Other countries have
preferred a more general approach to privacy protection issues
irrespective of the particular data processing technology involved.
2. The remedies under discussion are principally safeguards for
the individual which will prevent an invasion of privacy in the
classical sense, i.e. abuse or disclosure of intimate personal data;
but other, more or less closely related needs for protection have
become apparent.
Obligations of record-keepers to inform
the general public about activities concerned with the processing of
data, and rights of data subjects to have data relating to them
supplemented or amended, are two random examples.
Generally
speaking, there has been a tendency to broaden the traditional
concept of privacy ("the right to be left alone") and to identify a
more complex synthesis of interests which can perhaps more correctly
be termed privacy and individual liberties.
3. As far as the
legal problems of automatic data processing (ADP) are concerned, the
protection of privacy and individual liberties constitutes perhaps
the most widely debated aspect.
Among the reasons for such
widespread concern are the ubiquitous use of computers for the
processing of personal data, vastly expanded possibilities of
storing, comparing, linking, selecting and accessing personal data,
and the combination of computers and telecommunications technology
which may place personal data simultaneously at the disposal of
thousands of users at geographically dispersed locations and enables
the pooling of data and the creation of complex national and
international data networks.
Certain problems require
particularly urgent attention, e.g. those relating to emerging
international data networks, and to the need of balancing competing
interests of privacy on the one hand and freedom of information on
the other, in order to allow a full exploitation of the
potentialities of modern data processing technologies in so far as
this is desirable.
Activities at
national level
4. Of the OECD Member countries more
than one-third have so far enacted one or several laws which, among
other things, are intended to protect individuals against abuse of
data relating to them and to give them the right of access to data
with a view to checking their accuracy and appropriateness.
In federal states, laws of this kind may be found both at the
national and at the state or provincial level. Such laws are
referred to differently in different countries.
Thus, it is
common practice in continental Europe to talk about "data laws" or
"data protection laws" (lois sur la protection des données), whereas
in English speaking countries they are usually known as "privacy
protection laws".
Most of the statutes were enacted after
1973 and this present period may be described as one of continued or
even widened legislative activity. Countries which already have
statutes in force are turning to new areas of protection or are
engaged in revising or complementing existing statutes.
Several other countries are entering the area and have bills pending
or are studying the problems with a view to preparing legislation.
These national efforts, and not least the extensive reports and
research papers prepared by public committees or similar bodies,
help to clarify the problems and the advantages and implications of
various solutions.
At the present stage, they provide a
solid basis for international action.
5. The approaches to
protection of privacy and individual liberties adopted by the
various countries have many common features. Thus, it is possible to
identify certain basic interests or values which are commonly
considered to be elementary components of the area of protection.
Some core principles of this type are: setting limits to the
collection of personal data in accordance with the objectives of the
data collector and similar criteria; restricting the usage of data
to conform with openly specified purposes; creating facilities for
individuals to learn of the existence and contents of data and have
data corrected; and the identification of parties who are
responsible for compliance with the relevant privacy protection
rules and decisions.
Generally speaking, statutes to protect
privacy and individual liberties in relation to personal data
attempt to cover the successive stages of the cycle beginning with
the initial collection of data and ending with erasure or similar
measures, and to ensure to the greatest possible extent individual
awareness, participation and control.
6. Differences between
national approaches as apparent at present in laws, bills or
proposals for legislation refer to aspects such as the scope of
legislation, the emphasis placed on different elements of
protection, the detailed implementation of the broad principles
indicated above, and the machinery of enforcement.
Thus,
opinions vary with respect to licensing requirements and control
mechanisms in the form of special supervisory bodies ("data
inspection authorities"). Categories of sensitive data are defined
differently, the means of ensuring openness and individual
participation vary, to give just a few instances.
Of
course, existing traditional differences between legal systems are a
cause of disparity, both with respect to legislative approaches and
the detailed formulation of the regulatory framework for personal
data protection.
International
aspects of privacy and data banks
7. For a number of
reasons the problems of developing safeguards for the individual in
respect of the handling of personal data cannot be solved
exclusively at the national level.
The tremendous increase
in data flows across national borders and the creation of
international data banks (collections of data intended for retrieval
and other purposes) have highlighted the need for concerted national
action and at the same time support arguments in favour of free
flows of information which must often be balanced against
requirements for data protection and for restrictions on their
collection, processing and dissemination.
8. One basic
concern at the international level is for consensus on the
fundamental principles on which protection of the individual must be
based. Such a consensus would obviate or diminish reasons for
regulating the export of data and facilitate resolving problems of
conflict of laws.
Moreover, it could constitute a first
step towards the development of more detailed, binding international
agreements.
9. There are other reasons why the regulation of
the processing of personal data should be considered in an
international context: the principles involved concern values which
many nations are anxious to uphold and see generally accepted; they
may help to save costs in international data traffic; countries have
a common interest in preventing the creation of locations where
national regulations on data processing can easily be circumvented;
indeed, in view of the international mobility of people, goods and
commercial and scientific activities, commonly accepted practices
with regard to the processing of data may be advantageous even where
no transborder data traffic is directly involved.
Relevant international activities
10. There are several international agreements on various
aspects of telecommunications which, while facilitating relations
and co-operation between countries, recognise the sovereign right of
each country to regulate its own telecommunications (The
International Telecommunications Convention of 1973).
The
protection of computer data and programmes has been investigated by,
among others, the World Intellectual Property Organisation which has
developed draft model provisions for national laws on the protection
of computer software. Specialised agreements aiming at informational
co-operation may be found in a number of areas, such as law
enforcement, health services, statistics and judicial services (e.g.
with regard to the taking of evidence).
11. A number of
international agreements deal in a more general way with the issues
which are at present under discussion, viz. the protection of
privacy and the free dissemination of information. They include the
European Convention of Human Rights of 4th November, 1950 and the
International Covenant on Civil and Political Rights (United
Nations, 19th December, 1966).
12. However, in view of the
inadequacy of existing international instruments relating to the
processing of data and individual rights, a number of international
organisations have carried out detailed studies of the problems
involved in order to find more satisfactory solutions.
13. In
1973 and 1974 the Committee of Ministers of the Council of Europe
adopted two resolutions concerning the protection of the privacy of
individuals vis-à-vis electronic data banks in the private and
public sectors respectively.
Both resolutions recommend
that the governments of the Member states of the Council of Europe
take steps to give effect to a number of basic principles of
protection relating to the obtaining of data, the quality of data,
and the rights of individuals to be informed about data and data
processing activities.
14. Subsequently the Council of
Europe, on the instructions of its Committee of Ministers, began to
prepare an international Convention on privacy protection in
relation to data processing abroad and transfrontier data
processing.
It also initiated work on model regulations for
medical data banks and rules of conduct for data processing
professionals.
The Convention was adopted by the Committee
of Ministers on 17th September 1980. It seeks to establish basic
principles of data protection to be enforced by Member countries, to
reduce restrictions on transborder data flows between the
Contracting Parties on the basis of reciprocity, to bring about
co-operation between national data protection authorities, and to
set up a Consultative Committee for the application and continuing
development of the convention.
15. The European Community has
carried out studies concerning the problems of harmonization of
national legislations within the Community, in relation to
transborder data flows and possible distortions of competition, the
problems of data security and confidentiality, and the nature of
transborder data flows.
A sub-committee of the European
Parliament held a public hearing on data processing and the rights
of the individual in early 1978. Its work has resulted in a report
to the European Parliament in spring 1979.
The report,
which was adopted by the European Parliament in May 1979, contains a
resolution on the protection of the rights of the individual in the
face of technical developments in data processing.
Activities of the OECD
16.
The OECD programme on transborder data flows derives from computer
utilisation studies in the public sector which were initiated in
1969. A Group of Experts, the Data Bank Panel, analysed and studied
different aspects of the privacy issue, e.g. in relation to digital
information, public administration, transborder data flows, and
policy implications in general.
In order to obtain evidence
on the nature of the problems, the Data Bank Panel organised a
Symposium in Vienna in 1977 which provided opinions and experience
from a diversity of interests, including government, industry, users
of international data communication networks, processing services,
and interested intergovernmental organisations.
17. A number
of guiding principles were elaborated in a general framework for
possible international action. These principles recognised
(a) the need for generally continuous and uninterrupted flows of
information between countries,
(b) the legitimate interests
of countries in preventing transfers of data which are dangerous to
their security or contrary to their laws on public order and decency
or which violate the rights of their citizens,
(c) the
economic value of information and the importance of protecting "data
trade" by accepted rules of fair competition,
(d) the needs
for security safeguards to minimise violations of proprietary data
and misuse of personal information, and
(e) the
significance of a commitment of countries to a set of core
principles for the protection of personal information.
18.
Early in 1978 a new ad hoc Group of Experts on Transborder Data
Barriers and Privacy Protection was set up within the OECD which was
instructed to develop guidelines on basic rules governing the
transborder flow and the protection of personal data and privacy, in
order to facilitate a harmonization of national legislations,
without this precluding at a later date the establishment of an
international Convention.
This work was to be carried out
in close co-operation with the Council of Europe and the European
Community and to be completed by lst July 1979.
19. The
Expert Group, under the chairmanship of the Honourable Mr. Justice
Kirby, Australia, and with the assistance of Dr. Peter Seipel
(Consultant), produced several drafts and discussed various reports
containing, for instance, comparative analyses of different
approaches to legislation in this field. It was particularly
concerned with a number of key issues set out below.
a) The
specific, sensitive facts issue
The question arose as to
whether the Guidelines should be of a general nature or whether they
should be structured to deal with different types of data or
activities (e.g. credit reporting). Indeed, it is probably not
possible to identify a set of data which are universally regarded as
being sensitive.
b) The ADP issue
The argument that
ADP is the main cause for concern is doubtful and, indeed,
contested.
c) The legal persons issue
Some, but by no
means all, national laws protect data relating to legal persons in a
similar manner to data related to physical persons.
d) The
remedies and sanctions issue
The approaches to control
mechanisms vary considerably: for instance, schemes involving
supervision and licensing by specially constituted authorities might
be compared to schemes involving voluntary compliance by
record-keepers and reliance on traditional judicial remedies in the
Courts.
e) The basic machinery or implementation issue
The choice of core principles and their appropriate level of
detail presents difficulties. For instance, the extent to which data
security questions (protection of data against unauthorised
interference, fire, and similar occurrences) should be regarded as
part of the privacy protection complex is debatable; opinions may
differ with regard to time limits for the retention, or requirements
for the erasure, of data and the same applies to requirements that
data be relevant to specific purposes. In particular, it is
difficult to draw a clear dividing line between the level of basic
principles or objectives and lower level "machinery" questions which
should be left to domestic implementation.
f) The choice of
law issue
The problems of choice of jurisdiction, choice of
applicable law and recognition of foreign judgements have proved to
be complex in the context of transborder data flows.
The
question arose, however, whether and to what extent it should be
attempted at this stage to put forward solutions in Guidelines of a
non-binding nature.
g) The exceptions issue
Similarly, opinions may vary on the question of exceptions. Are they
required at all? If so, should particular categories of exceptions
be provided for or should general limits to exceptions be
formulated?
h) The bias issue
Finally, there is an
inherent conflict between the protection and the free transborder
flow of personal data.
Emphasis may be placed on one or the
other, and interests in privacy protection may be difficult to
distinguish from other interests relating to trade, culture,
national sovereignty, and so forth.
20. During its work the
Expert Group maintained close contacts with corresponding organs of
the Council of Europe. Every effort was made to avoid unnecessary
differences between the texts produced by the two organisations;
thus, the set of basic principles of protection are in many respects
similar.
On the other hand, a number of differences do
occur.
To begin with, the OECD Guidelines are not legally
binding, whereas the Council of Europe has produced a convention
which will be legally binding among those countries which ratify it.
This in turn means that the question of exceptions has been
dealt with in greater detail by the Council of Europe.
As
for the area of application, the Council of Europe Convention deals
primarily with the automatic processing of personal data whereas the
OECD Guidelines apply to personal data which involve dangers to
privacy and individual liberties, irrespective of the methods and
machinery used in their handling.
At the level of details,
the basic principles of protection proposed by the two organisations
are not identical and the terminology employed differs in some
respects. The institutional framework for continued co-operation is
treated in greater detail in the Council of Europe Convention than
in the OECD Guidelines.
21. The Expert Group also maintained
co-operation with the Commission of the European Communities as
required by its mandate.
To learn more: www.oecd.org
The Privacy Officer shall:
1. ensure that the use of technology sustains, and does not erode,
privacy protections relating to the use, collection and disclosure
of personal information;
2. ensure that personal information
contained in Privacy Act systems of records is handled in full
compliance with fair information practices in the Privacy Act of
1974;
3. evaluate legislative and regulatory proposals
involving collection, use and disclosure of personal information by
the Federal Government;
4. conduct a privacy impact
assessment of proposed rules of the Department on the privacy of
personal information, including the type of personal information
collected and the number of people affected;
5. prepare a
report to Congress on an annual basis on activities of the
Department that affect privacy, including complaints of privacy
violations, implementation of the Privacy Act of 1974, internal
controls and other matters; and
6. shall approve the notices
and rules required to be published by the Privacy Act of 1974, as
amended. This includes the authority to ratify, where necessary, any
such rule previously issued. The authority in this paragraph may not
be delegated.
During the absence of the Privacy Officer, any
required notices and rules shall be approved by the Deputy
Secretary.
To learn more:
Department of Homeland
Security, Management Directive System
MD Number: 0470.1 PRIVACY
ACT COMPLIANCE
|
Free
E-book: 100 Job Descriptions in Risk and Compliance Management
Certified Risk and Compliance Management Professional (CRCMP)
Distance Learning and Online Certification Program
Certified Information Systems Risk and Compliance
Professional (CISRCP)
Distance Learning and Online Certification Program
To learn more:
www.risk-compliance-association.com/Distance_Learning_and_Certification.htm
Receive the New Member Orientation Newsletters
You will have the opportunity to learn what members
registered before you have already learned. Understand better
risk and compliance management, projects, careers, challenges
and opportunities.
| |
