This section defines general privacy requirements for all USG institutions, the USO, the GPLS, and the Georgia Archives.
All USG participant organizations shall enact and maintain a permanent privacy processes and procedures in adherence with this standard, which includes, but is not necessarily limited to, the following principles:
- Personally identifiable information may only be obtained through lawful means.
- The purposes for which personally identifiable data are collected shall be specified at or prior to the time of collection, and any subsequent use of the data shall be limited to and consistent with the fulfillment of those purposes previously specified.
- Personal data may not be disclosed, made available, or otherwise used for a purpose other than those specified, except with the consent of the subject of the data, or as required by law or regulation.
- Personal data collected shall be relevant to the purpose for which it is needed.
- The general means by which personal data is protected against loss, unauthorized access, use, modification, or disclosure shall be posted, unless the disclosure of those general means would compromise legitimate USG entity objectives or law enforcement purposes.
6.1.3 Applicability and Compliance
Each USG participant organization shall implement this privacy standard by:
- Designating which position within the organization is responsible for the implementation of and adherence to this privacy standard;
- Prominently posting the standard physically in its offices and on its intranet website, if any;
- Distributing the standard to each of its employees and contractors who have access to personal data;
- Complying with the USG Privacy Standard and all other State and Federal laws pertaining to information privacy; and,