Back

Define the available administrative remedies in regards to a privacy rights violation complaint.


CONTROL ID
00497
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Develop remedies and sanctions for privacy policy violations., CC ID: 00474

This Control has the following implementation support Control(s):
  • Order the organization to change to be in compliance with applicable law., CC ID: 00499
  • Order the organization to publish a notice with the corrections or actions taken., CC ID: 00500
  • Award damages based on applicable law., CC ID: 00501


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The accreditation authority may suspend the accreditation or recognition of an Authentication Service provider immediately for a period on no more than 90 days, pending implementation of the procedures in section 31(2), if the accreditation or recognition is likely to result in irreparable harm to c… (§ 31(3), The Electronic Communications and Transactions Act, 2002)
  • If a judge determines that an interception was effected or used for purposes contrary to or in violation of this act or other law, the judge may make an order as the judge considers is appropriate in relation to the law enforcement officer or service provider. (§ 67(7), The Electronic Communications and Transactions Act, 2002)
  • If a judge determines that an interception was effected or used for purposes contrary to or in violation of this act or other law, the judge may make an order as the judge considers is appropriate in relation to the law enforcement officer or service provider. (§ 68(7), The Electronic Communications and Transactions Act, 2002)
  • The organization shall ensure it has enforcement procedures available under its law for effective action against the infringement of intellectural property rights, including expeditious remedies to prevent infringements and to deter further infringements. (Art 6 ¶ 1, Anti-Counterfeiting Trade Agreement)
  • Civil judicial procedures shall be available to right holders for enforcing intellectual property rights. (Art 7 ¶ 1, Anti-Counterfeiting Trade Agreement)
  • Procedures for civil remedies that are a result of administrative procedures shall conform to principles which are equivalent in substance to this agreement. (Art 7 ¶ 2, Anti-Counterfeiting Trade Agreement)
  • A party that provides a remedy from Article 9 ¶ 3(a) or a presumption from Article 9 ¶ 3(b) shall ensure the right holder or the judicial authorities have the right to choose one of these as an alternative to the remedies in Article 9 ¶ 1 and 2. (Art 9 ¶ 4, Anti-Counterfeiting Trade Agreement)
  • Competent authorities may be provided the authority to impose administrative penalties when a determination is made that the products are infringing. (Art 20 ¶ 3, Anti-Counterfeiting Trade Agreement)
  • Each party shall provide for criminal procedures and penalties to be applied for cases of wilful trademark counterfeiting, copyright, or related rights piracy on a commercial scale. (Art 23 ¶ 1, Anti-Counterfeiting Trade Agreement)
  • Each party shall provide for criminal procedures and penalties to be applied for cases of wilful importation and domestic use, in the course of trade and on commercial scale, of labels and packaging that a mark has been applied absent authorization which is identical or cannot be distinguished from … (Art 23 ¶ 2(a), Anti-Counterfeiting Trade Agreement)
  • Each party shall provide for criminal procedures and penalties to be applied for cases of wilful importation and domestic use, in the course of trade and on commercial scale, of labels and packaging intended to be used for trade or services that are identical to the products or services for which th… (Art 23 ¶ 2(b), Anti-Counterfeiting Trade Agreement)
  • A party may provide criminal procedures and penalties for unauthorized copying of cinematographic works from a performance in a motion picture theater that is generally open to the public. (Art 23 ¶ 3, Anti-Counterfeiting Trade Agreement)
  • A party shall ensure criminal liability for aiding and abetting is available. (Art 23 ¶ 4, Anti-Counterfeiting Trade Agreement)
  • Each party shall have adequate legal protection and effective legal remedies against circumventing effective technological measures that restrict actions that are not authorized by the author or allowed by law. (Art 27 ¶ 5, Anti-Counterfeiting Trade Agreement)
  • The competent Minister may recommend a business operator that handles personal information cease violating the provisions of Articles 16 to 18, Articles 20 to 27, or Article 30(2) and take measures to correct the violation when the competent Minister determines it is necessary to protect the interes… (Art 34, Japan Act on the Protection of Personal Information Protection (Law No. 57 of 2003))
  • The Data Principal shall exhaust the opportunity of redressing her grievance under this section before approaching the Board. (§ 13.(3), Digital Personal Data Protection Act, 2023, August 11, 2023)
  • Every provider of telecommunications billing services shall prepare a procedure for raising an objection by users of telecommunications billing services in connection with the services and redressing damages to their rights, as prescribed by Presidential Decree, and where he or she enters into a con… (Article 59(2), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • The right to appropriate redress for any damage arising out of the processing of such personal information in a prompt and fair procedure. (Article 4 ¶ 1 (5), Personal Information Protection Act)
  • Where a data subject suffers damage out of loss, theft, divulgence, forgery, alteration, or damage of his/her own personal information, caused by wrongful intent or negligence of a personal information controller, the Court may determine the damages not exceeding three times such damage: Provided, T… (Article 39(3), Personal Information Protection Act)
  • The information commissioner shall state all findings of fact that the determination is based on, in the determination. (§ 52(2), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • The information commissioner may include in the determination a declaration that the complainant is entitled to a named amount for reimbursement of expenses reasonably incurred with making the complaint and the investigation of the complaint. (§ 52(3), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A determination on a representative complaint may provide for a payment of named amounts and must make provisions for payment to the concerned complainants. (§ 52(4), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A determination may include an order that an agency or respondent include in a credit report or credit information file or attach to a record a statement provided by the complainant of any additions, deletions, or corrections sought by the complainant. (§ 52(3B)(b), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A determination may include an order to a respondent or agency to make appropriate additions, deletions, or corrections to records, credit reports, or credit information files. (§ 52(3B)(a), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • The court may grant an interim injunction pending the determination of the proceedings. (§ 55A(3), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • Civil proceedings do not lie against a person with respect to damage, loss, or injury of any kind suffered by another person because of the making of a complaint done in good faith. (§ 67(a), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • Civil proceedings do not lie against a person with respect to damage, loss, or injury of any kind suffered by another person because of the making of a complaint under an approved privacy code done in good faith. (§ 67(b), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • Civil proceedings do not lie against a person with respect to damage, loss, or injury of any kind suffered by another person because of the making of a statement or the giving of information or a document to the information commissioner whether or not it is pursuant to a requirement under section 44… (§ 67(d), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A person may start proceedings in a court of competent jurisdiction for recovering compensation from the commonwealth of australia when the commonwealth and the person do not agree on the amount of the compensation. (§ 80T(2), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • The federal court or the federal magistrates court may, on an application, grant an injunction that restrains a person from engaging in or proposing to engage in conduct that constitutes or would constitute a violation of this act. (§ 98(1), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • The federal court or the federal magistrates court may, on an application, grant an injunction requiring the person who has refused or failed, is refusing or failing, or is proposing to refuse or fail to do an act or thing and the refusal or failure is a violation of this act to do the act or thing. (§ 98(2), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A court may grant an interim injunction that restrains a person from engaging in conduct that is a violation of this act before considering the application for an injunction. (§ 98(3), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • The australian communications and media authority may start a proceeding in federal court for recovering a pecuniary penalty on behalf of the commonwealth of australia. (§ 26(1), Australian Government Spam Act 2003)
  • Proceedings for recovering pecuniary penalties under section 26(1) may be started inside of 6 years after the violation. (§ 26(2), Australian Government Spam Act 2003)
  • Criminal proceedings do not lie against a person because the person violated a civil penalty provision. (§ 27, Australian Government Spam Act 2003)
  • An application for compensation under section 28(1) may be made at any time inside of 6 years after the violation occurred. (§ 28(4), Australian Government Spam Act 2003)
  • An application for recovery of a financial benefit under section 29(1) may be made at any time inside of 6 years after the violation occurred. (§ 29(3), Australian Government Spam Act 2003)
  • The federal court may grant an injunction restraining a person from engaging in any conduct that is a violation of a civil penalty provision. (§ 32(1)(a), Australian Government Spam Act 2003)
  • The federal court may grant an injunction requiring the person to do something, if the person is engaging in any conduct that is a violation of a civil penalty provision. (§ 32(1)(b), Australian Government Spam Act 2003)
  • The federal court may grant an interim injunction that restrains a person from engaging in the act before considering the application for an injunction under section 32. (§ 33(1), Australian Government Spam Act 2003)
  • The federal court may make any order that the court considers appropriate, if the court is satisfied that the person has breached a term of the undertaking. (§ 39(2)(d), Australian Government Spam Act 2003)
  • The australian communications and media authority may issue formal warnings when a person violates a civil penalty provision. (§ 41, Australian Government Spam Act 2003)
  • A natural or legal person who is conducting business as a data controller or processor commits an administrative offense while processing personal data if he/she processes inaccurate personal data (Art. 5(1)(c)); doesn't specify the means, manner, or purpose of the processing (Art. 5(1)(a) and (b));… (Art 45, Art 45a, Art 46(1), Art 46(3), Czech Republic Personal Data Protection Act, April 4, 2000)
  • The regulations on administrative justice will be used for any legal action taken against the President's decision. Personal data will stay blocked until the court makes a final decision. The Administrative Code will govern proceedings regulated by this Act, unless a provision provides otherwise. (Art 40(2), Czech Republic Personal Data Protection Act, April 4, 2000)
  • A data controllers who does not comply with this Act may be issued a warning by the "Commission Nationale de l'informatique et des libertés" (CNIL), which may also order the breach to be ceased within a certain time period. If the data controller does not comply, the commission may impose, after fa… (Art 45, France Data Processing, Data Files and Individual Liberties)
  • The chairperson of the "Commission Nationale de l'informatique et des libertés" (CNIL) will be notified by the public prosecutor of any legal proceedings in connection with breaches of Section 5 of Chapter VI of Title II of Book II of the Criminal Code and the decisions that were made. He/she will … (Art 52, France Data Processing, Data Files and Individual Liberties)
  • The following disciplinary sanctions may be taken by the Commission Nationale: admonish or alert data controllers who have violated Articles 21 to 24; delete, block, or destroy data that is contrary to this Law; impose a definitive or temporary ban on processing that is contrary to this Law; and ord… (Art 33, Law of 2 August 2002 on the Protection of Persons with Regard to the Processing of Personal Data)
  • Anyone who processes data in breach of Articles 4, 5, 8, 10(1), 14, 17, 26, 29(4), and 30; processes or notifies a third party in violation of Articles 6(1) and 7; transfers data to a third country in violation of Articles 18(1), 18(2), 18(4), and 19; processes data in breach of the security and con… (Art 4(3), Art 5(2), Art 6(4), Art 7(5), Art 8(4), Art 10(4), Art 14(6), Art 17(3), Art 18(5), Art 19(4), Art 25, Art 26(3), Art 28(2), Art 28(7), Art 29(6), Art 30(2), Art 32(11), Art 38, Law of 2 August 2002 on the Protection of Persons with Regard to the Processing of Personal Data)
  • Governmental regulations can be prescribed for handling personal data in particular fields and by individual professions. The following will be governed by government regulations: collecting and registering financial and credit standing data of companies and other legal persons; the Data Protection … (Art 45, Iceland Protection of Privacy as regards the Processing of Personal Data)
  • Breaches of the secrecy obligation are punishable in accordance with Article 136 of the General Penal Code. (Art 35.3, Iceland Protection of Privacy as regards the Processing of Personal Data)
  • If the Commissioner believes a person has violated this Act, the Commissioner may require the violator to take steps to be in compliance with this Act, such as blocking, correcting, destroying, or erasing the concerned data or supplementing the data. (§ 10(2), § 10(3), Ireland Consolidated Data Protection Acts of 1988 and 2003)
  • Court or tribunal proceedings may take into account any codes of practice in determining the question concerned. The Commissioner may bring and prosecute summary proceedings for any offense under this Act. Summary proceedings may be brought within 1 year from the date of the offense. (§ 13(6), § 30, Ireland Consolidated Data Protection Acts of 1988 and 2003)
  • Personal data that was collected for historical purposes may not be used to take actions or issue provisions against a data subject in administrative matters, unless the data is also used for other purposes. (§ 101.1, Italy Personal Data Protection Code)
  • Judicial authorities have competence over any disputes about the provisions of this Code, including ones related to provisions issued by the Guarantee about personal data protection or the failure to adopt the provisions. The proceedings for any of these disputes will be instituted by filing a petit… (§ 152, Italy Personal Data Protection Code)
  • The relevant authority in cases involving §§ 7(7), 9(3), 10(3), 13(1), 27(4), 28, 29, 30, 31, 32(1), 32(2), 32(4), 33, 34, 35, 36, 37, 39, and 58(2) will be decided on by the Data Protection Agency. (§ 60(1), Denmark, The Act on Processing of Personal Data)
  • The Director of the Data Protection Agency may propose disciplinary proceedings to be initiated for infringements stated in Article 44. Procedures and penalties will be applied from the legislation on disciplinary proceedings in public administrations. Decisions will be communicated to the Agency, a… (Art 46.2 thru Art 46.4, Art 49, ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data)
  • If the supervisory authority requests information under Section 43 and cannot obtain enough information to determine that the personal data processing is lawful, the supervisory authority may prohibit, subject to a default fine, the personal data controller from processing personal data in any manne… (§ 44, § 45, § 46, Sweden Personal Data Act (1998:204))
  • Decisions that are made by an administrative body in response to a request as noted in Articles 30(3), 35, 36, and 38(2), or an objection as noted in Articles 40 or 41, are considered the same as decision within the meaning of the General Administrative Regulations Act, where a decision was made by … (Art 45, Art 65, Netherlands Personal Data Protection Act, Session 1999-2000 Nr.92, REVISED BILL (as approved by the Lower House on 23 November 1999), Unofficial Translation)
  • If the decision in Article 45 is not from an administrative body, the party can apply to the district court within 6 weeks of receiving the reply to have the court grant or reject the request or objection. Responsible parties who act in conflict of the provisions of Articles 4(3), 27, 28, or 78(2)(a… (Art 46, Art 75, Netherlands Personal Data Protection Act, Session 1999-2000 Nr.92, REVISED BILL (as approved by the Lower House on 23 November 1999), Unofficial Translation)
  • Claims for infringements of the right to secrecy, rectification, or erasure against private sector controllers must be brought before civil courts. If the data is used contrary to this Federal Act, the data subject has the right to sue. An injunction may be issued to safeguard the legal right to put… (§ 32, Austria Data Protection Act)
  • Requests on alleged data controller infringements of data applications of the right to information will be decided by the Data Protection Commission, when the request does not concern a data use for legislative or judicial acts. Alleged infringements of the right to secrecy, rectification, and erasu… (§ 31(1), § 31(2), § 31(4), Austria Data Protection Act)
  • The Office may require the data controller to designate, in writing, a different personal data protection official, if the original personal data protection official failed to fulfill or did not sufficiently fulfill his/her obligations in accordance with section 19(7); incorrectly assessed or applie… (§ 12(11), § 46, § 48, Slovak Republic Protection of Personal Data in Information Systems)
  • In order to ensure adequate protection and in particular the enforcement of individual rights, the data subject should be provided with effective administrative and judicial redress. (2.4 (65), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Individuals may first of all lodge requests or complaints with criminal law enforcement authorities concerning the handling of their personal data. This includes the possibility to request access to and correction of personal data. As regards activities relating to counter-terrorism, individuals may… (3.1.3 (113), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Payment service providers may allow the website to respond to the allegations and/or fix the violation before responding to the trademark owner or determining the appropriate remedies. (Best Practices for Payment Service Providers (PSPs) ¶ 4, Addressing the Sale of Counterfeits on the Internet)
  • Payment service providers may impose appropriate remedies in accordance with their internal procedures, including terminating service, when it observes repeated violations. (Best Practices for Payment Service Providers (PSPs) ¶ 5, Addressing the Sale of Counterfeits on the Internet)
  • A court that finds relevant information has been negligently lost and results in prejudice to the requesting party and does not have the level of culpability that would lead to sanctions may order remedial measures to be taken. (Comment 14.b ¶ 2, The Sedona Principles Addressing Electronic Document Production)
  • For a complaint that the Privacy Commissioner did not initiate, he/she may apply to the Court, within the time stated in Section 14, for a hearing about any matter described in Section 14, if he/she has received consent from the complainant; appear before the Court on behalf of the complainant who a… (§ 15, Canada Personal Information Protection Electronic Documents Act (PIPEDA), 2000, c.5)
  • The State Commission for Access to Public Information will monitor compliance with this law, especially with regard to rights of access, rectification, opposition, and cancellation. When violations are committed in files that are the responsibility of state and municipal public administrations and p… (Art 16.I, Art 22, Colima Personal Data Protection Law (Decree No. 356))
  • The Commission may apply the following sanctions, without prejudice to administrative responsibilities for cases of liability for damages due to non-compliance with this law and the criminal penalties that apply and of users and makers of public databases: warnings; suspending operations; fines equi… (Art 92, Tlaxcala Law on Access to Public Information and Personal Data Protection)
  • The organization should correct any harm that was caused by a third party using or disclosing personal information in violation of the organization's privacy policies. (Table Ref 7.2.4, Generally Accepted Privacy Principles (GAPP), CPA and CA Practitioner Version, August 2009)
  • The organization should have a list of the available remedies for a breach of personal information. (Table Ref 10.2.1, Generally Accepted Privacy Principles (GAPP), CPA and CA Practitioner Version, August 2009)
  • The Federal Trade Commission will enforce the provisions of Title II and Subtitle A of Title III of this Act against data brokers and business entities. The Federal Trade Commission has the right, after receiving a notice under Sections 202(c)(2) and 303(c)(2), to move to stay the action, pending th… (§ 202(b), § 202(c)(3), § 303(b), § 303(c)(3), Leahy Personal Data Privacy and Security Act of 2009, Senate Bill 1490, 111th Congress)
  • When a State attorney general or a State or local law enforcement agency authorized by the State attorney general or by State statute to prosecute violations of consumer protection law has reason to believe a State resident's interest has been or is threatened or adversely affected by the practices … (§ 202(c)(1), § 303(c)(1), § 311(d)(3), § 317(b), § 318(a)(1), Leahy Personal Data Privacy and Security Act of 2009, Senate Bill 1490, 111th Congress)
  • the possibility, under certain conditions, for the individual to invoke binding arbitration, (II.1.a.xi., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • In order to help ensure compliance with their EU-U.S. DPF commitments and to support the administration of the program, organizations, as well as their independent recourse mechanisms, must provide information relating to the EU-U.S. DPF when requested by the Department. In addition, organizations m… (III.11.c., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Individuals should be encouraged to raise any complaints they may have with the relevant organization before proceeding to independent recourse mechanisms. Organizations must respond to an individual within 45 days of receiving a complaint. Whether a recourse mechanism is independent is a factual qu… (III.11.d.i., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • As set forth in Annex I, an arbitration option is available to an individual to determine, for residual claims, whether a Privacy Shield organization has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially unremedied. This op… (§ III.11.d.iv., EU-U.S. Privacy Shield Framework Principles)
  • the possibility, under certain conditions, for the individual to invoke binding arbitration, (ii.1.a.xi., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • In order to help ensure compliance with their Swiss-U.S. DPF commitments and to support the administration of the program, organizations, as well as their independent recourse mechanisms, must provide information relating to the Swiss-U.S. DPF when requested by the Department. In addition, organizat… (iii.11.c., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Individuals should be encouraged to raise any complaints they may have with the relevant organization before proceeding to independent recourse mechanisms. Organizations must respond to an individual within 45 days of receiving a complaint. Whether a recourse mechanism is independent is a factual qu… (iii.11.d.i., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • the possibility, under certain conditions, for the individual to invoke binding arbitration, (II.1.a.xi., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • In order to help ensure compliance with their EU-U.S. DPF commitments and to support the administration of the program, organizations, as well as their independent recourse mechanisms, must provide information relating to the EU-U.S. DPF when requested by the Department. In addition, organizations m… (III.11.c., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Individuals should be encouraged to raise any complaints they may have with the relevant organization before proceeding to independent recourse mechanisms. Organizations must respond to an individual within 45 days of receiving a complaint. Whether a recourse mechanism is independent is a factual qu… (III.11.d.i., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • The privacy protection mechanisms must include procedures to remedy problems from the organization failing to comply with these principles, along with the consequences. (ENFORCEMENT(c), US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • Failure to notify the Department of Commerce of persistent failure to comply may be actionable under the false statements act (18 u.s.c. § 1001). (FAQ-Dispute Resolution and Enforcement "Persistent Failure to Comply" ¶ 1, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The Federal Trade Commission may resolve section 5 violations by seeking an administrative cease and desist order that prohibits the practices or filing a complaint in a federal district court. (FAQ-Dispute Resolution and Enforcement "FTC Action", US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The Federal Trade Commission may pursue criminal contempt or civil contempt for federal court order violations. (FAQ-Dispute Resolution and Enforcement "FTC Action", US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • If an investigation of a complaint pursuant to §160.306 or a compliance review pursuant to §160.308 indicates noncompliance, the Secretary may attempt to reach a resolution of the matter satisfactory to the Secretary by informal means. Informal means may include demonstrated compliance or a comple… (§ 160.312(a)(1), 45 CFR Part 160 - General Administrative Requirements)
  • The Food and Drug Administration intends to exercise enforcement discretion about specific part 11 requirements for the validation of computerized systems. (§ III.C.1 ¶ 1, Guidance for Industry Part 11, Electronic Records; Electronic Signatures - Scope and Application, August 2003)
  • The Food and Drug Administration intends to exercise enforcement discretion about specific part 11 requirements for computer-generated, time-stamped audit trails. (§ III.C.2 ¶ 1, Guidance for Industry Part 11, Electronic Records; Electronic Signatures - Scope and Application, August 2003)
  • The Food and Drug Administration does not intend to take enforcement action to enforce compliance with part 11 requirements if all of the following criteria are met: the system was operational before august 20, 1997; the system met all of the predicate rule requirements before august 20, 1997; the s… (§ III.C.3 ¶ 1, Guidance for Industry Part 11, Electronic Records; Electronic Signatures - Scope and Application, August 2003)
  • The Food and Drug Administration intends to exercise enforcement discretion to specific part 11 requirements for generating copies of records. (§ III.C.4 ¶ 1, Guidance for Industry Part 11, Electronic Records; Electronic Signatures - Scope and Application, August 2003)
  • The Food and Drug Administration intends to exercise enforcement discretion for the part 11 requirements of protecting records to ensure records can be accurate and ready for retrieval during the retention period. (§ III.C.5 ¶ 1, Guidance for Industry Part 11, Electronic Records; Electronic Signatures - Scope and Application, August 2003)
  • The improper use, improper access, or improper dissemination of criminal history record information and national crime information center non-restricted files information may result in administrative sanctions including, but not limited to, state and federal criminal penalties and termination of ser… (§ 4.2.5.2, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The defense of the interests and rights of data subjects may be carried out in court, individually or collectively, as provided in pertinent legislation regarding the instruments of individual and collective protection. (Art. 22, Brazilian Law No. 13709, of August 14, 2018)