Back

Document the notification of interested personnel and affected parties regarding privacy policy changes.


CONTROL ID
06944
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Notify interested personnel and affected parties when changes are made to the privacy policy., CC ID: 06943

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Firstly, Privacy and Civil Liberties Officers exist within various departments with criminal law enforcement responsibilities. While the specific powers of these officers may vary somewhat depending on the authorising statute, they typically encompass the supervision of procedures to ensure that the… (3.1.2 (108), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • The organization should maintain a log documenting that individuals were notified of changes to the privacy policy and procedures. (Table Ref 2.2.1, Generally Accepted Privacy Principles (GAPP), CPA and CA Practitioner Version, August 2009)
  • The entity communicates, to external users, vendors, business partners and others whose products and services are part of the system, objectives related to privacy and changes to those objectives. (CC2.3 Communicates Objectives Related to Privacy and Changes to Objectives, Trust Services Criteria)
  • The entity communicates, to external users, vendors, business partners, and others whose products and services are part of the system, objectives related to privacy and changes to those objectives. (CC2.3 ¶ 5 Bullet 1 Communicates Objectives Related to Privacy and Changes to Objectives, Trust Services Criteria, (includes March 2020 updates))
  • Work with legal counsel and management, key departments and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms and information notices and materials reflecting current organization and legal practices and requirements. (T0862, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Work with legal counsel and management, key departments and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms and information notices and materials reflecting current organization and legal practices and requirements. (T0862, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)