Recent enforcement action by the Canadian and Australian Privacy Commissioners and the United States Federal Trade Commission provides important guidance for compliance with personal information protection laws. Most importantly, organizations must establish an information security governance framework to ensure that appropriate practices, systems and procedures for the protection of personal information are established, consistently understood and effectively implemented.
A documented, appropriate information security governance framework will not only help an organization comply with personal information protection laws, but it will also help an organization and its directors and officers comply with other legal duties and obligations regarding risk management and the protection of regulated, protected and sensitive information.