Privacy complaint management and compliance management
The customer is responsible for implementing this recommendation.
• Communicates to Data Subjects — Data subjects are informed about how to contact
the entity with inquiries, complaints, and disputes.
• Addresses Inquiries, Complaints, and Disputes — A process is in place to address
inquiries, complaints, and disputes.
• Documents and Communicates Dispute Resolution and Recourse — Each complaint
is addressed and the resolution is documented and communicated to the individual.
• Documents and Reports Compliance Review Results — Compliance with objectives
related to privacy are reviewed and documented and the results of such reviews are
reported to management. If problems are identified, remediation plans are developed
• Documents and Reports Instances of Noncompliance — Instances of noncompliance
with objectives related to privacy are documented and reported and, if needed, corrective
and disciplinary measures are taken on a timely basis.
• Performs Ongoing Monitoring — Ongoing procedures are performed for monitoring
the effectiveness of controls over personal information and for taking timely
corrective actions when necessary.