Back

Allow the complainant to appear before the commissioner and make a submission, orally or in writing, about the privacy rights violation complaint investigation prior to an adverse decision to the complainant is reached.


CONTROL ID
00494
CONTROL TYPE
Behavior
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Investigate privacy rights violation complaints., CC ID: 00480

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The accreditation authority shall not revoke or suspend an authentication or recognition of an Authentication Service provider unless it has given the Authentication Service provider the opportunity to respond to the allegations in writing. (§ 31(2)(c)(i), The Electronic Communications and Transactions Act, 2002)
  • The accreditation authority shall not revoke or suspend an authentication or recognition of an Authentication Service provider unless it has given the Authentication Service provider the opportunity to correct the alleged breach inside a specified time. (§ 31(2)(c)(ii), The Electronic Communications and Transactions Act, 2002)
  • It is not necessary for a respondent or complainant to appear before the commissioner in connection with an investigation, subject to section 43(5). (§ 43(4), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • The information commissioner shall not make an adverse finding to a complainant or respondent unless they have been afforded the opportunity to appear before the commissioner and to make submissions, orally and/or in writing, about the investigation. (§ 43(5), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • An organization, be, or person may, with the commissioner's approval, represented by another person when they agency appear the commissioner. (§ 43(6), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A person shall not refuse or fail to attend before the information commissioner when required by this act. (§ 65(1)(a), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • The information commissioner shall hold a conference when an organization, agency, or person notifies him or her inside the time period stated in the invitation that it wishes that a conference be held about the draft determination. (§ 76(1), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • (§ 43(5), Australia Privacy Act 1988)
  • The EU-U.S. DPF Panel has the authority to impose individual-specific, non-monetary equitable relief necessary to remedy non-compliance with the Principles. While the panel takes into account other remedies already obtained by other EU-U.S. DPF mechanisms when making its determination, individuals m… (2.4 (85), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Finally, in addition to the redress avenues mentioned in recitals 176-198, any individual has the right to seek access to existing federal agency records under FOIA, including where these contain the individual's personal data. Gaining such access can also facilitate bringing proceedings before ordi… (3.2.3 (199), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • During a complaint investigation by the Privacy Commissioner, the complainant and the head of the government institution must be given the opportunity to make representations to the Commissioner; no one is permitted to be present during or have access to or comment on the representations made to the… (§ 33(2), Canada Privacy Act, P-21)
  • The educational agency or institution shall give the parent or eligible student a full and fair opportunity to present evidence relevant to the issues raised under §99.21. The parent or eligible student may, at their own expense, be assisted or represented by one or more individuals of his or her o… (§ 99.22(d), 34 CFR Part 99, Family Education Rights Privacy Act (FERPA))
  • Organizations are obligated to arbitrate claims and follow the terms as set forth in Annex I, provided that an individual has invoked binding arbitration by delivering notice to the organization at issue and following the procedures and subject to conditions set forth in Annex I. (II.7.c., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Organizations are obligated to arbitrate claims and follow the terms as set forth in Annex I, provided that an individual has invoked binding arbitration by delivering notice to the organization at issue and following the procedures and subject to conditions set forth in Annex I. (ii.7.c., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Organizations are obligated to arbitrate claims and follow the terms as set forth in Annex I, provided that an individual has invoked binding arbitration by delivering notice to the organization at issue and following the procedures and subject to conditions set forth in Annex I. (II.7.c., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • The informal panel of Data Protection Authorities will provide advice only after each side has had the opportunity to comment and provide evidence, usually inside of 60 days after receiving the complaint or referral, and more quickly if possible. (FAQ-The Role of the Data Protection Authorities ¶ 3 Bullet 4, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • So inform the covered entity or business associate and provide the covered entity or business associate an opportunity to submit written evidence of any mitigating factors or affirmative defenses for consideration under §§160.408 and 160.410 of this part. The covered entity or business associate m… (§ 160.312(a)(3)(i), 45 CFR Part 160 - General Administrative Requirements)
  • A respondent may request a hearing before an ALJ. The parties to the hearing proceeding consist of— (§ 160.504(a), 45 CFR Part 160 - General Administrative Requirements)
  • Provide individuals with notice and an opportunity to contest the findings before taking adverse action against an individual. (PT-8e., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Provide individuals with notice and an opportunity to contest the findings before taking adverse action against an individual. (PT-8e., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Provide individuals with notice and an opportunity to contest the findings before taking adverse action against an individual. (PT-8e., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The controller shall inform the consumer of the consumer's ability to contact the attorney general if the consumer has concerns about the result of the appeal. (§ 6-1-1306 (3)(c), Colorado Revised Statutes, Title 6, Article 1, Part 13, Colorado Privacy Act)
  • The controller shall inform the consumer of the consumer's ability to contact the attorney general if the consumer has concerns about the result of the appeal. (§ 6-1-1306 (3)(c), Colorado Revised Statutes, Title 6, Article 1, Part 13, Colorado Privacy Act)
  • A controller shall establish a process for a consumer to appeal, within a reasonable period of time after the consumer's receipt of a decision by the controller under subsection (c)(2), the controller's refusal to take action on a request by the consumer under this section. The appeal process shall … (IC 24-15-3-1(d), Indiana Code, Title 24, Article 15, Consumer Data Protection)
  • A controller shall establish a process for a consumer to appeal the controller's refusal to act on a request within a reasonable period after the consumer's receipt of the decision. The appeal process must be conspicuously available and like the process for submitting requests to initiate action pur… (§ Section 5. (5), Montana Consumer Data Privacy Act 2023)
  • If the controller denies an appeal, the controller shall provide the consumer with the online mechanism described by Section 541.152 through which the consumer may contact the attorney general to submit a complaint. (§ 541.053 (d), Texas Business and Commercial Code, Title 11, Subtitle C, Chapter 541, Subchapter A, Section 541)
  • The educational agency or institution shall give the parent or eligible student a full and fair opportunity to present evidence relevant to the issues raised under § 99.21. The parent or eligible student may, at their own expense, be assisted or represented by one or more individuals of his or her … (§ 99.22 ¶ 1(d), 34 CFR Part 99, Family Educational Rights and Privacy)
  • In accordance with Sections 13 and 15 of this Act, in responding to the information request, the data file, bank, or register must state the reasons why the questioned information was included and the reasons why the requirements of the concerned party were not met. (§ 41, Argentina Personal Data Protection Act)