PRI-01.3: Dissemination of Data Privacy Program...

PRI-01.3 · Dissemination of Data Privacy Program Information

Control Description

Mechanisms exist to: (1) Ensure that the public has access to information about organizational data privacy activities and can communicate with its Chief Privacy Officer (CPO) or similar role; (2) Ensure that organizational data privacy practices are publicly available through organizational websites or document repositories; (3) Utilize publicly facing email addresses and/or phone lines to enable the public to provide feedback and/or direct questions to data privacy office(s) regarding data privacy practices; and (4) Inform data subjects when changes are made to the privacy notice and the nature of such changes.

Control Question

Assessment question for control validation

Does the organization: (1) Ensure that the public has access to information about organizational data privacy activities and can communicate with its Chief Privacy Officer (CPO) or similar role; (2) Ensure that organizational data privacy practices are publicly available through organizational websites or document repositories; (3) Utilize publicly facing email addresses and/or phone lines to enable the public to provide feedback and/or direct questions to data privacy office(s) regarding data privacy practices; and (4) Inform data subjects when changes are made to the privacy notice and the nature of such changes?

Control Weighting

Validation Cadence

Annual

NIST CSF Function

Identify

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 1 - Strategic

Tier 2 - Operational

Core Control Designations

Special designations and baseline inclusions

MAD: PRI-01.3

Additional Metadata

Applicability (Process):