last sync: 2023-Jun-07 17:44:43 UTC

Azure Policy definition

Provide privacy notice to the public and to individuals

Name Provide privacy notice to the public and to individuals
Azure Portal
Id 5023a9e7-8e64-2db6-31dc-7bce27f796af
Version 1.1.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description CMA_C1861 - Provide privacy notice to the public and to individuals
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Manual, Disabled
IF (1)
Compliance The following 2 compliance controls are associated with this Policy definition 'Provide privacy notice to the public and to individuals' (5023a9e7-8e64-2db6-31dc-7bce27f796af)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
hipaa 1906.06.c1Organizational.2-06.c hipaa-1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 19 Data Protection & Privacy 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements Shared n/a The organization documents compliance with the notice requirements by retaining copies of the notices issued by the organization for a period of six years and, if applicable, any written acknowledgements of receipt of the notice or documentation of good faith efforts to obtain such written acknowledgement. 4
SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Additional Criteria For Privacy Privacy notice Shared The customer is responsible for implementing this recommendation. • Communicates to Data Subjects — Notice is provided to data subjects regarding the following: — Purpose for collecting personal information — Choice and consent — Types of personal information collected — Methods of collection (for example, use of cookies or other tracking techniques) — Use, retention, and disposal — Access — Disclosure to third parties — Security for privacy — Quality, including data subjects’ responsibilities for quality — Monitoring and enforcement • Provides Notice to Data Subjects — Notice is provided to data subjects (1) at or before the time personal information is collected or as soon as practical thereafter, (2) at or before the entity changes its privacy notice or as soon as practical thereafter, or (3) before personal information is used for new purposes not previously identified. • Covers Entities and Activities in Notice — An objective description of the entities and activities covered is included in the entity’s privacy notice. • Uses Clear and Conspicuous Language — The entity’s privacy notice is conspicuous and uses clear language. 5
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 5023a9e7-8e64-2db6-31dc-7bce27f796af
Initiative DisplayName Initiative Id Initiative Category State Type
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn