CMA_C1847 - Publish rules and regulations accessing Privacy Act records
Name/Id: CMA_C1847 / CMA_C1847 Category: Operational Title: Publish rules and regulations accessing Privacy Act records Ownership: Customer Description: The customer is responsible for publishing rules and regulations governing how individuals may request access to records maintained in a Privacy Act system of records. Requirements: The customer is responsible for implementing this recommendation.
Default Manual Allowed Manual, Disabled
Rule resource types
IF (1) Microsoft.Resources/subscriptions
The following 2 compliance controls are associated with this Policy definition 'Publish rules and regulations accessing Privacy Act records' (ad1d562b-a04b-15d3-6770-ed310b601cb5)
The customer is responsible for implementing this recommendation.
• Authenticates Data Subjects’ Identity — The identity of data subjects who request
access to their personal information is authenticated before they are given access to
• Permits Data Subjects Access to Their Personal Information — Data subjects are
able to determine whether the entity maintains personal information about them
and, upon request, may obtain access to their personal information.
• Provides Understandable Personal Information Within Reasonable Time — Personal
information is provided to data subjects in an understandable form, in a reasonable
time frame, and at a reasonable cost, if any.
• Informs Data Subjects If Access Is Denied — When data subjects are denied access
to their personal information, the entity informs them of the denial and the reason
for the denial in a timely manner, unless prohibited by law or regulation.