The customer is responsible for implementing this recommendation.
• Communicates Denial of Access Requests — Data subjects are informed, in writing,
of the reason a request for access to their personal information was denied, the
source of the entity’s legal right to deny such access, if applicable, and the individual’s
right, if any, to challenge such denial, as specifically permitted or required by
law or regulation.
• Permits Data Subjects to Update or Correct Personal Information — Data subjects
are able to update or correct personal information held by the entity. The entity
provides such updated or corrected information to third parties that were previously
provided with the data subject’s personal information consistent with the entity’s
objectives related to privacy.
• Communicates Denial of Correction Requests — Data subjects are informed, in
writing, about the reason a request for correction of personal information was denied
and how they may appeal.