Back

Order the organization to change to be in compliance with applicable law.


CONTROL ID
00499
CONTROL TYPE
Behavior
CLASSIFICATION
Corrective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Define the available administrative remedies in regards to a privacy rights violation complaint., CC ID: 00497

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • A court may order a service provider to terminate or prevent unlawful activities. (§ 57(3), The Electronic Communications and Transactions Act, 2002)
  • A court may order a service provider to terminate or prevent unlawful activities. (§ 58(2), The Electronic Communications and Transactions Act, 2002)
  • A court may order a service provider to terminate or prevent unlawful activities. (§ 59(4), The Electronic Communications and Transactions Act, 2002)
  • A cyber inspector may issue the cryptography provider an order, in writing, to comply with the provisions of this act. (§ 94(1)(b)(ii), The Electronic Communications and Transactions Act, 2002)
  • A cyber inspector may issue the Authentication Service provider an order, in writing, to comply with the provisions of this act. (§ 94(1)(c)(iii), The Electronic Communications and Transactions Act, 2002)
  • Each party shall provide its judicial authorities the authority to issue orders for desisting from an infringement and inter alia, to prevent goods involving intellectural property right infringement from entering the commerce channels in civil judicial proceedings. (Art 8 ¶ 1, Anti-Counterfeiting Trade Agreement)
  • Judicial authorities shall have the authority to order prompt and effective measures against a party or third party to prevent an infringement of intellectual property rights and to prevent these products from entering the commerce channels. (Art 12 ¶ 1(a), Anti-Counterfeiting Trade Agreement)
  • Judicial authorities shall have the authority to order prompt and effective measures to preserve relevant evidence about the alleged infringement. (Art 12 ¶ 1(b), Anti-Counterfeiting Trade Agreement)
  • Judicial authorities shall have the authority to adopt provisional measures inaudita altera parte, especially where delay is likely to cause irreparable harm to the right holder or there is a demonstrable risk of the evidence being destroyed. (Art 12 ¶ 2, Anti-Counterfeiting Trade Agreement)
  • Where the Commissioner is satisfied that the application of the data subject under subsection (4) is justified or justified to any extent, the Commissioner may require the data user to take such steps for complying with the data subject notice. (Part II Division 4 42. (5), Personal Data Protection Act 2010, Act 709, As at 15 June 2016)
  • The information commissioner must be satisfied that the privacy code obligates an organization that is bound by the code not to repeat or continue a practice that is declared by the adjudicator after an investigation to be an interference with the privacy of the complainant before approving a privac… (§ 18BB(3)(e), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A determination may include an order to a respondent or agency to make appropriate additions, deletions, or corrections to records, credit reports, or credit information files. (§ 52(3B)(a), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • An organization that is the respondent to a determination made under section 52 must not continue or repeat the conduct and must perform the act or course of conduct in the determination. (§ 55(1), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • An organization that is a respondent for a determination under an approved privacy code must not continue or repeat the conduct and must perform the course of conduct or act included in the determination. (§ 55(2), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • The court may make orders, including a declaration of right, when it is satisfied the respondent engaged in a conduct that was an interference with the privacy of the complainant. (§ 55A(2), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • An agency that is a respondent to a determination must not repeat or continue and must perform the act or course of conduct that is covered by the declaration included in the determination. (§ 58, Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A principal executive of an agency who is the respondent for a determination must take steps that are reasonably in his or her powers to ensure no officer, employee, or member repeats or continues conduct covered by a declaration in the determination. (§ 59(b), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A principal executive of an agency who is the respondent to a determination must take steps that are reasonably in his or her powers to ensure acts or courses of conduct covered by a declaration in a determination are performed. (§ 59(c), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • An application may be made to the federal magistrates court or the federal court for an order requiring an agency that fails to comply with section 58 to comply. (§ 62(1), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • An application may be made to the federal magistrates court or the federal court for an order requiring a principal executive of an agency that fails to comply with section 59 to comply. (§ 62(2), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A court's power to grant an injunction to restrain a person from engaging in a particular kind of conduct may be exercised when the court is satisfied that the person has engaged in the conduct, whether or not it appears the person intends to engage in or continue to engage in the conduct. (§ 98(5)(a), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A court's power to grant an injunction to restrain a person from engaging in a particular conduct may be exercised when it appears to the court that if an injunction is not granted, the person is likely to engage in the conduct, whether or not the person previously engaged in the conduct and whether… (§ 98(5)(b), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A court's power to grant an injunction to require a person to do a particular act or thing may be exercised when the court is satisfied that the person has refused or failed to do the act or thing, whether or not it appears the person intends to refuse or fail again or to continue to refuse or fail … (§ 98(6)(a), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A court's power to grant an injunction to require a person do a particular act or thing may be exercised when it appears to the court that if an injunction is not granted, the person is likely to refuse or fail to do the act or thing, whether or not the person previously refused or failed to do the … (§ 98(6)(b), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • The federal court may grant an injunction requiring the person to do something, if the person has refused or failed to do the act or thing. (§ 32(2)(a), Australian Government Spam Act 2003)
  • The federal court may grant an injunction requiring a person to do something, if the refusal or failure to do the act or thing would be a violation of a civil penalty provision. (§ 32(2)(b), Australian Government Spam Act 2003)
  • The federal court may make an order directing the person to comply with the undertaking, if the court is satisfied that the person has breached a term of the undertaking. (§ 39(2)(a), Australian Government Spam Act 2003)
  • When a controlling person determines obligations required by this Act are breached, the inspector must determine what measures to implement to eliminate the shortcomings and set a deadline to implement the measures. (Art 40(1), Czech Republic Personal Data Protection Act, April 4, 2000)
  • If the court grants an application, the data controller must provide the requested information, delete or correct the data involved, annul the automated individual decision, consider the data subject's right to object, or supply the data recipient with the requested data. (Art 17(4), Hungary Protection of Personal Data and Disclosure of Data of Public Interest)
  • The Director of the Data Protection Agency will issue decisions for the measures that must be adopted to terminate or correct the effects of infringements for any infringements committed in files for which public administrations are responsible. Notification of decisions will be given to the data co… (Art 46.1, ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data)
  • If the processors or responsible parties act in a way that conflicts with this Act and as a consequence other parties sustain or may sustain harm, the courts may impose a ban on this conduct and order the responsible parties or processors to take measures to correct the consequences of that conduct. (Art 50.1, Netherlands Personal Data Protection Act, Session 1999-2000 Nr.92, REVISED BILL (as approved by the Lower House on 23 November 1999), Unofficial Translation)
  • Even after a penalty is enforced and a fine is paid for omitting a duty, the perpetrator must still comply with that duty if it is possible. (Art 36, Portuguese Act on the Protection of Personal Data 67/98)
  • If a court is satisfied on the application of an individual who has made a request under subsection (1) that the controller in question has failed to comply with the request in contravention of this section, the court may order the controller to comply with the request. (§ 94(11), UK Data Protection Act 2018 Chapter 12)
  • If a court is satisfied on the application of an individual who has made a request under subsection (1) that the controller in question has failed to comply with the request in contravention of this section, the court may order the controller to comply with the request. (§ 94(11), UK Data Protection Act 2018 Chapter 12, Revised 06/06/2022)
  • Based on the application of a person who made a request that a data controller failed to comply with a request in violation of this Act, the court, if satisfied, may order the data controller to comply with the request. Based on the application of a person who has given notice to the data controller… (§ 7(9), § 10(4), § 11(2), § 12(8), UK Data Protection Act of 1998)
  • The requirements laid down in this Executive Order issued by the President are binding on the entire Intelligence Community. They must be further implemented through agency policies and procedures that transpose them into concrete directions for day-to-day operations. In this respect, EO 14086 provi… (3.2.1.1 (126), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • When the head of a government institution refuses to disclose requested personal information, the Court must, if it determines that the head of the government institution is not authorized to refuse to disclose personal information, order the head of the government institution to disclose the person… (§ 48, § 49, § 50, Canada Privacy Act, P-21)
  • In addition to other remedies, the Court may order the organization to correct its practices to comply with Sections 5 to 10. (§ 16(a), Canada Personal Information Protection Electronic Documents Act (PIPEDA), 2000, c.5)
  • Compliance with the entity’s privacy commitments and system requirements by vendors and others third parties whose products and services are part of the system and who have access to personal information processed by the system is assessed on a periodic and as-needed basis and corrective action is… (P6.5, TSP 100A - Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • Compliance with the entity’s confidentiality commitments and system requirements by vendors and others third parties whose products and services are part of the system is assessed on a periodic and as-needed basis, and corrective action is taken, if necessary. (C1.5, TSP 100A - Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • If any section or portion of a section of this regulation or its applicability to any person or circumstance is held invalid by a court, the remainder of the regulation or the applicability of the provision to other persons or circumstances shall not be affected. (Section 26. ¶ 1, Privacy of Consumer Financial and Health Information Regulation, NAIC MDL-672, Q2 2017)
  • The result of any remedies provided by the independent dispute resolution body should be that the effects of non-compliance are reversed or corrected by the organization, insofar as feasible, and that future processing by the organization will be in conformity with the Principles and, where appropri… (III.11.e.i., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • The result of any remedies provided by the independent dispute resolution body should be that the effects of non-compliance are reversed or corrected by the organization, insofar as feasible, and that future processing by the organization will be in conformity with the Principles and, where appropri… (iii.11.e.i., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • The result of any remedies provided by the independent dispute resolution body should be that the effects of non-compliance are reversed or corrected by the organization, insofar as feasible, and that future processing by the organization will be in conformity with the Principles and, where appropri… (III.11.e.i., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Organizations that choose to take the advice of the informal panels of Data Protection Authorities for dispute resolution must comply with the advice of the Data Protection Authority. (FAQ-The Role of the Data Protection Authorities ¶ 4, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • § 552a(g)(2)(A): For suits brought under § 552a(g)(1)(A), the court may order the agency to correct an individual's record in accordance with the individual's request or as the court directs. The court will determine the matter de novo. § 552a(g)(3)(A): For suits brought under § 552a(g)(1)(B), t… (§ 552a(g)(2)(A), § 552a(g)(3)(A), 5 USC § 552a, Records maintained on individuals (Privacy Act of 1974))
  • The Office of the Comptroller of the Currency will pursue corrective measures and enforcement actions to address law or regulations violations or unsafe or unsound banking practices by the third party or the bank. ("Supervisory Reviews of Third-Party Relationships" ¶ 3, Third-Party Relationships Risk Management Guidance, OCC bulletin 2013-29, October 30, 2013)
  • Upon request by the Insurance Commissioner or by the Attorney General, each company shall provide to the commissioner or the Attorney General a copy of its comprehensive information security program. If the commissioner or the Attorney General determines that such security program does not conform t… (§ 38a-999b(d), Connecticut General Statutes Title 38a, Chapter 705, Section 38a - 999b, Comprehensive information security program to safeguard personal information. Certification. Notice requirements for actual or suspected breach. Penalty.)
  • Prior to initiating any action under this chapter, the Attorney General shall provide a controller or processor 30 days' written notice identifying the specific provisions of this chapter the Attorney General alleges have been or are being violated. If within the 30-day period, the controller or pro… (§ 59.1-584.B., Code of Virginia Title 59.1, Chapter 53, Consumer Data Protection Act)
  • Any provision of a contract or agreement of any kind that purports to waive or limit in any way consumer rights pursuant to § 59.1-577 shall be deemed contrary to public policy and shall be void and unenforceable. (§ 59.1-578.B., Code of Virginia Title 59.1, Chapter 53, Consumer Data Protection Act)