PRI-03: Choice & Consent

PRI-03 · Choice & Consent

Control Description

Mechanisms exist to enable data subjects to authorize the collection, processing, storage, sharing, updating and disposal of their Personal Data (PD), where prior to collection the data subject is provided with: (1) Plain language to illustrate the potential data privacy risks of the authorization; (2) A means for users to decline the authorization; and (3) All necessary choice and consent-related criteria required by applicable statutory, regulatory and contractual obligations.

Control Question

Assessment question for control validation

Does the organization authorize the collection, processing, storage, sharing, updating and disposal of a data subject's Personal Data (PD), where prior to collection the data subject is provided with: (1) Plain language to illustrate the potential data privacy risks of the authorization; (2) A means for users to decline the authorization; and (3) All necessary choice and consent-related criteria required by applicable statutory, regulatory and contractual obligations?

Control Weighting

Validation Cadence

Semi-Annual

NIST CSF Function

Identify

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 2 - Operational

Core Control Designations

Special designations and baseline inclusions

MAD: PRI-03

Additional Metadata

Applicability (Process):