AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

Determine legal authority to collect PII | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Determine legal authority to collect PII

7d70383a-32f4-a0c2-61cf-a134851968c2

Version

1.1.0
Details on versioning

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1800 - Determine legal authority to collect PII

Additional metadata

Name/Id: CMA_C1800 / CMA_C1800
Category: Documentation
Title: Determine legal authority to collect PII
Ownership: Customer
Description: The customer is responsible for determining and documenting the legal authority that permits the collection, use, maintenance, and sharing of Personally Identifiable Information (PII), either generally or in support of a specific program or information system need.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)
Microsoft.Resources/subscriptions

Compliance

The following 1 compliance controls are associated with this Policy definition 'Determine legal authority to collect PII' (7d70383a-32f4-a0c2-61cf-a134851968c2)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
SOC_2	P3.1	SOC_2_P3.1	SOC 2 Type 2 P3.1	Additional Criteria For Privacy	Consistent personal information collection	Shared	The customer is responsible for implementing this recommendation.	• Limits the Collection of Personal Information — The collection of personal information is limited to that necessary to meet the entity’s objectives. • Collects Information by Fair and Lawful Means — Methods of collecting personal information are reviewed by management before they are implemented to confirm that personal information is obtained (a) fairly, without intimidation or deception, and (b) lawfully, adhering to all relevant rules of law, whether derived from statute or common law, relating to the collection of personal information. • Collects Information From Reliable Sources — Management confirms that third parties from whom personal information is collected (that is, sources other than the individual) are reliable sources that collect information fairly and lawfully. • Informs Data Subjects When Additional Information Is Acquired — Data subjects are informed if the entity develops or acquires additional information about them for its use.		4

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
SOC 2 Type 2	4054785f-702b-4a98-9215-009cbd58b141	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29	add	7d70383a-32f4-a0c2-61cf-a134851968c2

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC