CMA_C1822 - Collect PII directly from the individual
Name/Id: CMA_C1822 / CMA_C1822 Category: Operational Title: Collect PII directly from the individual Ownership: Customer Description: The customer is responsible for collecting PII directly from the individual to the greatest extent practicable. Requirements: The customer is responsible for implementing this recommendation.
Default Manual Allowed Manual, Disabled
Rule resource types
IF (1) Microsoft.Resources/subscriptions
The following 1 compliance controls are associated with this Policy definition 'Collect PII directly from the individual' (964b340a-43a4-4798-2af5-7aedf6cb001b)
The customer is responsible for implementing this recommendation.
• Obtains Explicit Consent for Sensitive Information — Explicit consent is obtained
directly from the data subject when sensitive personal information is collected,
used, or disclosed, unless a law or regulation specifically requires otherwise.
• Documents Explicit Consent to Retain Information — Documentation of explicit
consent for the collection, use, or disclosure of sensitive personal information is retained
in accordance with objectives related to privacy.