Notify the public and other agencies after a penalty becomes final.


CONTROL ID: 06217
CONTROL TYPE: Behavior
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Develop remedies and sanctions for privacy policy violations. (CC ID: 00474)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • When an organization becomes subject to a court order that is based on noncompliance or an order from a U.S. statutory body (e.g., FTC or DOT) listed in the Principles or in a future annex to the Principles that is based on non-compliance, the organization shall make public any relevant EU-U.S. DPF-… (II.7.e., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • When an organization becomes subject to an FTC or court order based on non-compliance, the organization shall make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements. The Departme… (§ II.7.e., EU-U.S. Privacy Shield Framework Principles)
  • When an organization becomes subject to a court order that is based on non-compliance or an order from a U.S. statutory body (e.g., FTC or DOT) listed in the Principles or in a future annex to the Principles that is based on non-compliance, the organization shall make public any relevant Swiss-U.S.… (ii.7.e., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • When an organization becomes subject to a court order that is based on noncompliance or an order from a U.S. statutory body (e.g., FTC or DOT) listed in the Principles or in a future annex to the Principles that is based on non-compliance, the organization shall make public any relevant EU-U.S. DPF-… (II.7.e., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • The sanctions should include publicizing the noncompliance findings. (FAQ-Dispute Resolution and Enforcement "Remedies and Sanctions", US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • Self-regulatory bodies and private sector dispute resolution bodies must notify the applicable governmental body or courts, as appropriate, and the Department of Commerce when an organization fails to comply with their rulings. (FAQ-Dispute Resolution and Enforcement "Remedies and Sanctions", US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The informal panel of Data Protection Authorities will notify the Department of Commerce when the cooperation agreement is considered null and void, so they can update the safe harbor participant list. (FAQ-The Role of the Data Protection Authorities ¶ 4, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The informal panel of Data Protection Authorities will make the results of the complaints it receives public, as it sees fit. (FAQ-The Role of the Data Protection Authorities ¶ 3 Bullet 5, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The Federal Trade Commission will notify the Department of Commerce of any actions that it takes. (FAQ-Dispute Resolution and Enforcement "FTC Action", US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • Government bodies should notify the Department of Commerce of any final dispositions of violation referrals or other rulings that determine the adherence to the safe harbor principles. (FAQ-Dispute Resolution and Enforcement "FTC Action", US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • Whenever a proposed penalty becomes final, the Secretary will notify, in such manner as the Secretary deems appropriate, the public and the following organizations and entities thereof and the reason it was imposed: the appropriate State or local medical or professional organization, the appropriate… (§ 160.426 ¶ 1, 45 CFR Part 160 - General Administrative Requirements)