Good outsourcing practices regardin

Good outsourcing practices regarding access should be practiced by your organization and its third parties. The GAPP gives the following examples of good access practices.

1.Provides personal information to the individual in a format that is understandable (for example, not in code, not in a series of numbers, not in overly technical language or other jargon) and in a form convenient to the individual and entity.
2.Makes a reasonable effort to locate the personal information requested and, if personal information cannot be found, keeps sufficient records to demonstrate that a reasonable search was made.
3.Takes reasonable precautions to ensure that personal information released does not identify another person, directly or indirectly.
4.Provides access to personal information in a timeframe similar to the entity's normal response times for other business transactions, or as permitted/required by law.
5.Provides access to personal information in archived or backup systems, and media.
6.Informs an individual of the cost of access at the time the access request is made or as soon as practical after that time.
7.Charges the individual for access to personal information at an amount, if any, that is not excessive in relation to the entity's cost of providing access.
8.Provides an appropriate physical space to inspect personal information