Data Privacy Objectives
- Identify applicable laws and regulations in the jurisdictions in which Splunk maintains a business presence
- Define what information assets are and are not considered personal information and sensitive personal information.
- Establish the minimum standards for the processing, protection and handling of personal information and sensitive personal information in both digital and paper formats.
- Determine ownership and assign accountability for the protection of all personal information assets.
- Establish limits on the collection, use and sharing of all personal information assets.
- Establish controls to prevent the misuse of all personal information assets.
- Information security incidents, whether found to contain personal information or not, are governed by Splunk’s incident response plan.