Back

Notify respondents after a privacy rights violation complaint investigation begins.


CONTROL ID
00491
CONTROL TYPE
Behavior
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Investigate privacy rights violation complaints., CC ID: 00480

This Control has the following implementation support Control(s):
  • Include the allegations against the organization in the notice of investigation., CC ID: 13031


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The information commissioner shall notify the respondent that a matter from a complaint is to be investigated before beginning the investigation. (§ 43(1), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • The information commissioner must notify the agency that an act or practice by a contracted service provider that is providing a service to an agency under a commonwealth contract before starting an investigation of a complaint. (§ 43(1A), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • (§ 43(1), Australia Privacy Act 1988)
  • If the person who is in charge of the premises objects to the visit, the visit must be authorized by the President of the High Court or a judge mandated by him/her. The commission's chairperson will submit a petition to the judge who will make a ruling. The proceedings may take place without compuls… (Art 44.II, France Data Processing, Data Files and Individual Liberties)
  • Sixthly, as a recourse mechanism of 'last resort' in case none of the other available redress avenues has satisfactorily resolved an individual's complaint, the Union data subject may invoke binding arbitration by the 'EU-U.S. Data Privacy Framework Panel' (EU-U.S. DPF Panel). Organisations must inf… (2.4 (81), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Firstly, Union data subjects may pursue cases of non-compliance with the Principles through direct contacts with the EU-U.S. DPF organisations. To facilitate resolution, the organisation must put in place an effective redress mechanism to deal with such complaints. An organisation's privacy policy m… (2.4 (69), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • The Office notifies in writing the complainant, if any, and the educational agency or institution, the recipient of Department funds under any program administered by the Secretary, or the third party outside of an educational agency or institution if it initiates an investigation under §99.64(b). … (§ 99.65(a), 34 CFR Part 99, Family Education Rights Privacy Act (FERPA))
  • Directs the agency or institution, other recipient, or third party to submit a written response and other relevant information, as set forth in §99.62, within a specified period of time, including information about its policies and practices regarding education records. (§ 99.65(a)(2), 34 CFR Part 99, Family Education Rights Privacy Act (FERPA))
  • Individuals should be encouraged to raise any complaints they may have with the relevant organization before proceeding to independent recourse mechanisms. Organizations must respond to an individual within 45 days of receiving a complaint. Whether a recourse mechanism is independent is a factual qu… (III.11.d.i., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Individuals should be encouraged to raise any complaints they may have with the relevant organization before proceeding to independent recourse mechanisms. Organizations must respond to an individual within 45 days of receiving a complaint. Whether a recourse mechanism is independent is a factual qu… (iii.11.d.i., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Individuals should be encouraged to raise any complaints they may have with the relevant organization before proceeding to independent recourse mechanisms. Organizations must respond to an individual within 45 days of receiving a complaint. Whether a recourse mechanism is independent is a factual qu… (III.11.d.i., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • The taxpayer must be notified as soon as possible if an investigation is initiated for unauthorized disclosure. (Exhibit 5, IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information)