1. Do you have the appropriate privacy policies in place to govern commercial and employee privacy and social media?
  2. Have you conducted in-house education programs to ensure that all employees are aware of their obligations under privacy laws and your organization’s policies?
  3. Have you done a reality check to make sure that your company's practices follow the commitments made in the privacy policies regarding the collection, use, storage, disclosure and disposal of personal information?
  4. Do you know where your personal information is stored and whether it is secure?
  5. Do you have passwords and other technological, physical and administrative security measures in place to protect personal information, which are appropriate to the sensitivity of such information?
  6. Have you restricted access to personal information to those employees with a need to know?
  7. Do you have the consent of any identifiable individual whose name, likeness, image or other personal information is used in advertisements, websites and other external or promotional material?
  8. Do you have a response plan in place to deal with any privacy breaches, including legal, PR, IT and HR issues?
  9. Do you have employee rules and policies in place to govern the use and safekeeping of portable data devices, as well as company-issued personal electronic devices, including laptops and smartphones?
  10. Have you appointed a person/office to oversee privacy compliance and deal with privacy complaints/questions?