Usage Control. A documented, role-based authorization concept must be provided for use of personal data which limits the use so that only authorized individuals can use the personal data necessary for their task (De Minimis Principal). The password rules for access control must also be followed for usage control. Administrative activities must be limited to a small group of administrators. Administrator activities must be monitored and logged to the extent that the effort involved is technically supportable. The company has implemented the requirement as follows: Role-based authorization concept User-dependent authentication with username and password Logging of user usage Assignment of authorizations only after approval by the data owner Administrative users are kept to a minimum and documented
Appears in 4 contracts
Samples: Data Protection Agreement, www.bhs-world.com, www.bhs-world.com
