PRI-04.7 · Personal Data (PD) Collection Methods

Control Description

Mechanisms exist to ensure that Personal Data (PD) collection methods are: (1) In accordance with applicable statutory and/or regulatory requirements; (2) Appropriate for the circumstances of the data subject; (3) Unambiguous; and (4) Secure.

Control Question
Assessment question for control validation

Does the organization ensure that Personal Data (PD) collection methods are: (1) In accordance with applicable statutory and/or regulatory requirements; (2) Appropriate for the circumstances of the data subject; (3) Unambiguous; and (4) Secure?

Control Weighting
3
Validation Cadence
Semi-Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Additional Metadata
Applicability (Process):
x