The customer is responsible for implementing this recommendation.
• Limits the Collection of Personal Information — The collection of personal information
is limited to that necessary to meet the entity’s objectives.
• Collects Information by Fair and Lawful Means — Methods of collecting personal
information are reviewed by management before they are implemented to confirm
that personal information is obtained (a) fairly, without intimidation or deception,
and (b) lawfully, adhering to all relevant rules of law, whether derived from statute
or common law, relating to the collection of personal information.
• Collects Information From Reliable Sources — Management confirms that third
parties from whom personal information is collected (that is, sources other than the
individual) are reliable sources that collect information fairly and lawfully.
• Informs Data Subjects When Additional Information Is Acquired — Data subjects
are informed if the entity develops or acquires additional information about them
for its use.