Determine legal authority to collect PII

Azure Policy definition

Determine legal authority to collect PII

Control Domain

Control

Name

MetadataId

Category

Title

Owner

Requirements

Description

Info

Policy#

SOC_2

P3.1

SOC_2_P3.1

SOC 2 Type 2 P3.1

Additional Criteria For Privacy

Consistent personal information collection

Shared

The customer is responsible for implementing this recommendation.

• Limits the Collection of Personal Information — The collection of personal information is limited to that necessary to meet the entity’s objectives. • Collects Information by Fair and Lawful Means — Methods of collecting personal information are reviewed by management before they are implemented to confirm that personal information is obtained (a) fairly, without intimidation or deception, and (b) lawfully, adhering to all relevant rules of law, whether derived from statute or common law, relating to the collection of personal information. • Collects Information From Reliable Sources — Management confirms that third parties from whom personal information is collected (that is, sources other than the individual) are reliable sources that collect information fairly and lawfully. • Informs Data Subjects When Additional Information Is Acquired — Data subjects are informed if the entity develops or acquires additional information about them for its use.

Initiative DisplayName

Initiative Id

Initiative Category

State

Type

SOC 2 Type 2

4054785f-702b-4a98-9215-009cbd58b141

Regulatory Compliance

BuiltIn

AzPolicyAdvertizer

Azure Policy definition

Determine legal authority to collect PII

JSON Left

JSON Right