Prompts matching the #compliance tag
Design KYC/AML compliance verification flow. Steps: 1. User document upload (Passport/ID). 2. Optical Character Recognition (OCR) data extraction. 3. Face liveness detection (biometrics). 4. Sanctions screening (OFAC, PEPs). 5. Address verification service (AVS). 6. Risk scoring model implementation. 7. Manual review queue for flagged cases. 8. Audit trail and record retention. Include webhook notifications for status updates.
Generate a GDPR-compliant privacy policy for a mobile app. Clauses: 1. Data collection types (Personal, Usage). 2. Purpose of data processing. 3. Legal basis for processing. 4. Data retention period. 5. User rights (Access, Erasure, Portability). 6. Third-party data sharing. 7. Security measures. 8. Contact information for Data Protection Officer (DPO). Include cookie policy reference.
Draft comprehensive SaaS legal framework. Documents: 1. Terms of Service with acceptable use policy. 2. Privacy Policy compliant with GDPR and CCPA. 3. Service Level Agreement (SLA) with uptime guarantees. 4. Data Processing Agreement (DPA) for enterprise clients. 5. Cookie Policy and consent management. 6. Refund and cancellation policy. 7. Intellectual property and licensing terms. 8. Dispute resolution and arbitration clauses. Include plain language summaries and version control system.
Create FDA-compliant nutrition labels. Requirements: serving size, calories, 13 nutrients (fat, cholesterol, sodium, carbs, protein, vitamins). Calculation: 1. List all ingredients with amounts. 2. Use USDA database for nutrient values. 3. Calculate per serving. 4. Round per FDA rules. Software: Genesis R&D, ReciPal. Rounding: calories to nearest 5, fat to nearest 0.5g. Claims: 'low fat' (<3g), 'high fiber' (5g+), 'good source' (10-19% DV). Explain daily values, label format updates 2020, and compliance deadlines.
Execute SMS marketing effectively. Best practices: 1. Explicit opt-in with clear expectations. 2. Keep messages concise (160 characters). 3. Personalize with name or behavior. 4. Timing considerations (not too early/late). 5. Clear value proposition. 6. Easy opt-out mechanism. 7. Frequency caps to avoid annoyance. 8. TCPA and GDPR compliance. Use Twilio or Attentive. High open rates but use sparingly.
Prepare an IRB (Institutional Review Board) application. Required elements: 1. Study purpose and design. 2. Participant recruitment and selection. 3. Informed consent process and forms. 4. Risks and benefits assessment. 5. Data collection procedures. 6. Privacy and confidentiality protections. 7. Data storage and security. 8. Vulnerable populations considerations. Determine review level (exempt, expedited, full). Address ethical principles (beneficence, justice, respect). Include all study materials. Plan for adverse events. Allow 4-8 weeks for review. Obtain approval before starting.
Write a transparent security breach notification. Must include: 1. Clear statement that breach occurred. 2. What data was compromised. 3. What data was NOT affected. 4. Timeline of discovery and response. 5. Immediate actions taken to secure systems. 6. Required customer actions (password reset, monitor accounts). 7. Resources provided (credit monitoring, support line). 8. Commitment to preventing future incidents. Be honest, clear, and action-oriented.
Develop a product recall notification. Critical elements: 1. Urgent, clear subject line. 2. Specific products affected (model numbers, dates). 3. Nature of the safety issue. 4. Immediate actions customers should take. 5. Return/replacement process. 6. Compensation details. 7. Safety hotline and resources. 8. Apology and commitment to safety. Use multiple channels (email, SMS, social media). Prioritize customer safety above all.
Ensure product accessibility compliance following WCAG 2.1 standards. WCAG principles (POUR): 1. Perceivable: information must be presentable in ways users can perceive. 2. Operable: interface components must be operable by all users. 3. Understandable: information and UI operation must be understandable. 4. Robust: content must be robust enough for various assistive technologies. Key requirements: 1. Color contrast: 4.5:1 ratio for normal text, 3:1 for large text. 2. Keyboard navigation: all functionality accessible via keyboard. 3. Alt text: meaningful descriptions for images. 4. Focus indicators: visible outline when tabbing through elements. 5. Semantic HTML: proper heading hierarchy, form labels. Testing approach: 1. Automated scanning: axe-core, WAVE for initial detection. 2. Manual testing: keyboard-only navigation, screen reader testing. 3. User testing: recruit users with disabilities. Implementation: integrate accessibility into design system, developer training, legal compliance for ADA/Section 508.
Implement robust data governance for user privacy compliance. Data classification: 1. Public: can be shared freely (marketing content). 2. Internal: company confidential information. 3. Personal: user-identifiable information (PII). 4. Sensitive: payment data, health records, requiring encryption. Privacy compliance framework: 1. Data minimization: collect only necessary information. 2. Purpose limitation: use data only for stated purposes. 3. Consent management: clear opt-in/opt-out mechanisms. 4. Right to erasure: ability to delete user data. 5. Data portability: export user data on request. Technical implementation: 1. Encryption at rest and in transit. 2. Access controls: role-based permissions. 3. Audit logging: track data access and modifications. 4. Anonymization: remove identifiers for analytics. 5. Retention policies: automatic deletion of old data. Tools: OneTrust for consent management, Privacera for data discovery. Regular audits: quarterly privacy impact assessments, annual security reviews.
Handle data privacy requests. Process: 1. Acknowledge request within required timeframe. 2. Verify customer identity securely. 3. Explain what data you hold. 4. Provide data export in readable format. 5. Process deletion requests per policy. 6. Confirm completion of request. 7. Explain data retention requirements. 8. Document all requests for compliance. Follow GDPR/CCPA requirements strictly.
Implement HACCP for restaurant compliance. Seven principles: 1. Conduct hazard analysis (biological, chemical, physical). 2. Determine critical control points (CCPs). 3. Establish critical limits (temps, times, pH). 4. Monitor CCPs with logs. 5. Corrective actions when limits exceeded. 6. Verification procedures (audits). 7. Record-keeping and documentation. Example CCP: cooking chicken to 165°F. Temperature danger zone: 40-140°F. Train all staff. Regular audits. Explain pathogen growth, cross-contamination prevention, and health department requirements.