last sync: 2024-Jul-26 18:17:39 UTC

Provide privacy notice to the public and to individuals | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Provide privacy notice to the public and to individuals
Id 5023a9e7-8e64-2db6-31dc-7bce27f796af
Version 1.1.0
Category Regulatory Compliance
Description CMA_C1861 - Provide privacy notice to the public and to individuals
Additional metadata Name/Id: CMA_C1861 / CMA_C1861
Category: Operational
Title: Provide privacy notice to the public and to individuals
Ownership: Customer
Description: The customer is responsible for providing effective notice to the public and to individuals regarding: (i) its activities that impact privacy, including its collection, use, sharing, safeguarding, maintenance, and disposal of personally identifiable information (PII); (ii) authority for collecting PII; (iii) the choices, if any, individuals may have regarding how the organization uses PII and the consequences of exercising or not exercising those choices; and (iv) the ability to access and have PII amended or corrected if necessary.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default: Manual
Effect Allowed: Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 2 compliance controls are associated with this Policy definition 'Provide privacy notice to the public and to individuals' (5023a9e7-8e64-2db6-31dc-7bce27f796af)
Control Domain: hipaa
Control: 1906.06.c1Organizational.2-06.c
Name: hipaa-1906.06.c1Organizational.2-06.c
MetadataId: 1906.06.c1Organizational.2-06.c
Category: 19 Data Protection & Privacy
Title: 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements
Owner: Shared
Requirements: n/a
Description: The organization documents compliance with the notice requirements by retaining copies of the notices issued by the organization for a period of six years and, if applicable, any written acknowledgements of receipt of the notice or documentation of good faith efforts to obtain such written acknowledgement.
Policy#: 4

Control Domain: SOC_2
Control: P1.1
Name: SOC_2_P1.1
MetadataId: SOC 2 Type 2 P1.1
Category: Additional Criteria For Privacy
Title: Privacy notice
Owner: Shared
Requirements: The customer is responsible for implementing this recommendation.
Description:
• Communicates to Data Subjects: Notice is provided to data subjects regarding the following:
  - Purpose for collecting personal information
  - Choice and consent
  - Types of personal information collected
  - Methods of collection (for example, use of cookies or other tracking techniques)
  - Use, retention, and disposal
  - Access
  - Disclosure to third parties
  - Security for privacy
  - Quality, including data subjects' responsibilities for quality
  - Monitoring and enforcement
• Provides Notice to Data Subjects: Notice is provided to data subjects (1) at or before the time personal information is collected or as soon as practical thereafter, (2) at or before the entity changes its privacy notice or as soon as practical thereafter, or (3) before personal information is used for new purposes not previously identified.
• Covers Entities and Activities in Notice: An objective description of the entities and activities covered is included in the entity's privacy notice.
• Uses Clear and Conspicuous Language: The entity's privacy notice is conspicuous and uses clear language.
Policy#: 5
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn
SOC 2 Type 2 | 4054785f-702b-4a98-9215-009cbd58b141 | Regulatory Compliance | GA | BuiltIn
History
Date/Time (UTC ymd) | Change type | Change detail
2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 | add | 5023a9e7-8e64-2db6-31dc-7bce27f796af