# O3.17 Ensure compliance with privacy laws and evaluate risks around PII

{% tabs %}
{% tab title="Principle" %}
[O3: Ensure data privacy by design](/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design.md)
{% endtab %}

{% tab title="Risk" %}

{% endtab %}

{% tab title="Life Cycle Stage " %}
[L2: Strategy & Design](/safeguards/universal-dpi-safeguards-framework/life-cycle-stages.md)
{% endtab %}
{% endtabs %}

## Practices

> Configure systems to automatically enforce the highest privacy settings as default, minimizing the amount of personal data collected and ensuring that only necessary data is processed.
>
> Practice data minimization, which is the retention of only the minimum amount of Personally Identifiable Information (PII) necessary for the intended purpose, and regularly review and purge unnecessary data.
>
> Data Encryption: Use strong encryption methods to protect data both in transit and at rest, ensuring that unauthorized parties cannot access or interpret sensitive information.
>
> Access Controls: Implement strict access controls and authentication measures to limit who can view or modify personal data, ensuring that only authorized individuals have access.
>
> Privacy Training and Awareness: Provide ongoing privacy training for employees to ensure they understand privacy principles and how to handle personal data responsibly.
>
> Regular Audits and Reviews: Conduct regular audits and reviews of data handling practices and privacy measures to ensure they remain effective and compliant with evolving regulations.
>
> Incident Response Planning: Develop and maintain a clear incident response plan to quickly address and mitigate the impact of any data breaches or privacy incidents.

## Resources

<table data-view="cards"><thead><tr><th></th><th></th><th></th></tr></thead><tbody><tr><td><strong>References</strong></td><td>Department of Homeland Security. Privacy Impact Assessments. https://www.dhs.gov/privacy-impact-assessments</td><td></td></tr><tr><td></td><td></td><td></td></tr></tbody></table>

