A preferred embodiment of the present invention comprises a method and system
for
promoting compliance with data protection and privacy laws and regulations relating
to the privacy rights of individuals. The method comprises the following steps:
(1) informing an individual involved in potential disclosure of the individual's
personal data to an entity that the entity has certified its compliance with approved
privacy and data security practices; (2) obtaining the individual's consent to
have the entity receive, or acknowledgment that the entity will receive, and use
the individual's personal data in accordance with a stated policy or with relevant
data protection and privacy laws and regulations covering the use of personal data
in at least the individual's country of location; (3) transmitting to the entity
data indicating that the individual has been informed of the entity's privacy practices
and consented to the entity receiving, or acknowledgment that the entity will be
receiving, and using the individual's personal data; (4) receiving from the entity
data comprising personal data collected by the entity from the individual; and
(5) periodically checking whether the entity has complied with the stated policy
or with relevant data protection and privacy laws and regulations covering the
use of personal data in at least the individual's or the entity's country of location.
