The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Additional metadata
Name/Id: CMA_C1861 / CMA_C1861 Category: Operational Title: Provide privacy notice to the public and to individuals Ownership: Customer Description: The customer is responsible for providing effective notice to the public and to individuals regarding: (i) its activities that impact privacy, including its collection, use, sharing, safeguarding, maintenance, and disposal of personally identifiable information (PII); (ii) authority for collecting PII; (iii) the choices, if any, individuals may have regarding how the organization uses PII and the consequences of exercising or not exercising those choices; and (iv) the ability to access and have PII amended or corrected if necessary. Requirements: The customer is responsible for implementing this recommendation.
The following 2 compliance controls are associated with this Policy definition 'Provide privacy notice to the public and to individuals' (5023a9e7-8e64-2db6-31dc-7bce27f796af)
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators: <, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx: Learn more
1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements
Shared
n/a
The organization documents compliance with the notice requirements by retaining copies of the notices issued by the organization for a period of six years and, if applicable, any written acknowledgements of receipt of the notice or documentation of good faith efforts to obtain such written acknowledgement.
The customer is responsible for implementing this recommendation.
• Communicates to Data Subjects — Notice is provided to data subjects regarding the
following:
— Purpose for collecting personal information
— Choice and consent
— Types of personal information collected
— Methods of collection (for example, use of cookies or other tracking techniques)
— Use, retention, and disposal
— Access
— Disclosure to third parties
— Security for privacy
— Quality, including data subjects’ responsibilities for quality
— Monitoring and enforcement
• Provides Notice to Data Subjects — Notice is provided to data subjects (1) at or before
the time personal information is collected or as soon as practical thereafter, (2)
at or before the entity changes its privacy notice or as soon as practical thereafter,
or (3) before personal information is used for new purposes not previously identified.
• Covers Entities and Activities in Notice — An objective description of the entities
and activities covered is included in the entity’s privacy notice.
• Uses Clear and Conspicuous Language — The entity’s privacy notice is conspicuous
and uses clear language.
5
No results
Initiatives usage
Rows: 1-2 / 2
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators: <, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx: Learn more