Back

Order the organization to publish a notice with the corrections or actions taken.


CONTROL ID
00500
CONTROL TYPE
Behavior
CLASSIFICATION
Corrective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Define the available administrative remedies in regards to a privacy rights violation complaint., CC ID: 00497

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Any warnings issued by the commission may be made public. It may also order other penalties it has imposed to be published in newspapers, publications, or other media it designates, in cases of bad faith on the data controller's part. The publishing will be at the expense of the sanctioned persons. (Art 46, France Data Processing, Data Files and Individual Liberties)
  • The court may order its judgment, along with the identification of the data controller, to be made public when necessitated by the interests of data protection and the rights of a large number of data subjects. (Art 17(5), Hungary Protection of Personal Data and Disclosure of Data of Public Interest)
  • If incorrect data, incomplete data, or irrelevant data, or data that must not be stored, has been disclosed to a third party, or if the disclosure was after the authorized data retention period ended, the President of the Court has the authority to order the controller to inform the third party of t… (Art 14.6, Belgian Law of 8 December 1992 on the protection of privacy in relation to the processing of persona, Unofficial English Translation November 2008)
  • The plaintiff may request that third parties are notified or that the judgment about the data or the correction, destruction, prohibition of communication, or marking of the data as litigious in character is published. (Art 15.3, Switzerland Federal Act of 19 June 1992 on Data Protection (FADP))
  • Thirdly, individuals may also bring their complaints to a national DPA in the Union, which may make use of their investigatory and remedial powers under Regulation (EU) 2016/679. Organisations are obliged to cooperate in the investigation and the resolution of a complaint by a DPA either when it con… (2.4 (73), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • In addition to other remedies, the Court may order an organization to publish a notice of any action that was taken or is proposed to be taken to correct its practices, whether or not the Court has ordered them to be corrected. (§ 16(b), Canada Personal Information Protection Electronic Documents Act (PIPEDA), 2000, c.5)
  • The organization should document and report all instances of noncompliance with privacy policies and procedures and, if needed, corrective and disciplinary actions are taken on a timely basis. (Generally Accepted Privacy Principles and Criteria § 10.2.4, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • The nature of the final adverse action and whether such action is on appeal. (§ 1128E(b)(2)(C), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, 104th Congress)
  • CORRECTIONS.—Each Government agency and health plan shall report corrections of information already reported about any final adverse action taken against a health care provider, supplier, or practitioner, in such form and manner that the Secretary prescribes by regulation. (§ 1128E(c)(2), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, 104th Congress)
  • will comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provid… (III.5.b.iii., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • will comply with any advice given by the FDPIC where the FDPIC takes the view that the organization needs to take specific action to comply with the Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will pro… (iii.5.b.iii., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • will comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provid… (III.5.b.iii., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • When a person obtains another person's identifying information or identification documents and uses it to commit a crime, the court records will state the victim did not commit the crime. After a conviction a court finds involved identity theft, at the victim's request, the court will issue the nece… (§ 13A-8-197, § 13A-8-198, Code of Alabama, Article 10, The Consumer Identity Protection Act, Sections 13A-8-190 thru 13A-8-201)
  • The court may order, after issuing a determination of factual innocence, the name and associated information that is contained in court records, indexes, and files that are accessible to the public, to be deleted, sealed, or labeled to show the data has been impersonated and does not reflect the def… (40-12-509(b), 40-12-509(c), Wyoming Statutes, Title 40, Article 5, Breach of the security of the data system, Sections 40-12-501 thru 40-12-509)