It also states the purpose of monitoring employee use of Personal Information. The third part of the policy discusses how employees’ use of Personal Information will be managed. The fourth part of the policy states the implications for employees if the policy is violated.
Security. In the section titled Security: A manager must clearly state that a person receiving an access authorization cannot use this authorization to disclose security-related sensitive personal information to a third party without the approval or consent of the individual. Furthermore, it is prohibited to use security sensitive personal information to provide a third party with general security information without first obtaining the individual’s consent. in the same manner.
Protection from Abuse. In the Privacy section, it is clarified that no person in the employment shall disclose or distribute PII to a third party without first receiving the individual’s consent.
Use Of Information. In the Privacy section, it is again clarified that an individual should not use PII to target another individual without the individuals consent or permission. This section is a call for the use of caution when using PII for the purposes of marketing.