Back

Include the legal intellectual property responsibilities in the Code of Conduct.


CONTROL ID
04898
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Code of Conduct., CC ID: 04897

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Terms and Conditions of employment should explain the employee's legal responsibilities and rights (e.g., regarding copyright laws, data protection, or privacy legislation). (CF.02.01.02b, The Standard of Good Practice for Information Security)
  • Terms and Conditions of employment should explain the employee's legal responsibilities and rights (e.g., regarding copyright laws, data protection, or privacy legislation). (CF.02.01.02b, The Standard of Good Practice for Information Security, 2013)
  • The Privacy Commissioner, and everyone who acts on his/her behalf or under his/her direction who obtains or receives investigation information, must, with respect to the use of and access to the information, satisfy all security requirements and must take an oath of secrecy. The Privacy Commissioner… (§ 62, § 63, Canada Privacy Act, P-21)
  • Subject to Sections 13(3), 19(1), and 20(2) to 20(5), the Privacy Commissioner, or anyone acting on his/her behalf or under his/her direction, must not disclose information learned during the exercise or performance of any duties or powers. (§ 20(1), Canada Personal Information Protection Electronic Documents Act (PIPEDA), 2000, c.5)
  • Public servants, workers, professionals, and others who have access to personal data or files by virtue of their activities are obliged to maintain confidentiality, which will continue after the relationship has ended. Violation of this is punishable under criminal law. (Art 4.XI, Colima Personal Data Protection Law (Decree No. 356))
  • Public servants who have access to files or databases are required to maintain the confidentiality of this information. The confidentiality obligation will continue after the employment relationship has ended. The obligation of confidentiality may be relieved if a judge or a mediator decides it woul… (Art 8, Guanajuato Personal Data Protection Law)
  • Responsible persons involved in any phase of registration or personal data transfers are obligated to maintain the confidentiality of the information. The obligation to keep information confidentiality continues after the relationship with the data file owner has ended. (Art 40 Bis 21, Jalisco (Civil Code of the State of Jalisco (Article 40 Bis 1 to Article 40 Bis 39))
  • The person in charge of the personal data and everyone involved in collecting and processing personal data are required to maintain professional secrecy, even after the relationship with the data subject are concluded. (Art 51 ¶ 1, Tlaxcala Law on Access to Public Information and Personal Data Protection)
  • Personal data systems in the possession of public entities must be governed by a confidentiality principle. This means guarantees are made that personal data can be accessed only by the concerned person and a secrecy obligation by the personal data system controller and users. Legal instruments abou… (Art 5, The Personal Data Protection Law for the Federal District (Mexico City))
  • Anyone working with sensitive data has a responsibility to keep that data confidential unless they are "discharged from the confidentiality obligation by judicial resolution". (§ 10, Argentina Personal Data Protection Act)