
Assign ownership of the privacy program to the appropriate organizational role.


CONTROL ID: 11848
CONTROL TYPE: Human Resources Management
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a personal data accountability program. (CC ID: 13432)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Personal information processors outside the territory of the People's Republic of China as specified in the second paragraph of Article 3 of this Law shall set up specialized agencies or designate representatives within the territory of the People's Republic of China to be responsible for handling p… (Article 53, Personal Information Protection Law of the People's Republic of China)
  • establishing and improving the personal information protection compliance system in accordance with the provisions of the state and establishing an independent organization mainly composed of external members to supervise the protection of personal information; (Article 58 ¶ 1(1), Personal Information Protection Law of the People's Republic of China)
  • A personal information processor that processes personal information up to the amount prescribed by the national cyberspace department shall designate a person in charge of personal information protection, who shall supervise the personal information processing activities of the processor as well as… (Article 52 ¶ 1, Personal Information Protection Law of the People's Republic of China)
  • An organisation shall designate one or more individuals to be responsible for ensuring that the organisation complies with this Act. (Part III Section 11 (3), Singapore Personal Data Protection Act 2012 (No. 26 of 2012))
  • An organisation shall designate one or more individuals to be responsible for ensuring that the organisation complies with this Act. (§ 11.(3), Singapore Personal Data Protection Act 2012 (No. 26 of 2012), Revised Edition 2021)
  • As is the case with respect to criminal law enforcement authorities, Privacy and Civil Liberties Officers exist at all intelligence agencies. The powers of these officers typically encompass the supervision of procedures to ensure that the respective department/agency is adequately considering priva… (3.2.2 (164), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Firstly, Privacy and Civil Liberties Officers exist within various departments with criminal law enforcement responsibilities. While the specific powers of these officers may vary somewhat depending on the authorising statute, they typically encompass the supervision of procedures to ensure that the… (3.1.2 (108), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles. (Schedule 1 4.1 Principle 1 - Accountability, Canada Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, Last amended on June 23, 2015)
  • Appoint a senior agency official for privacy with the authority, mission, accountability, and resources to coordinate, develop, and implement, applicable privacy requirements and manage privacy risks through the organization-wide privacy program. (PM-19 Control, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Appoint a senior agency official for privacy with the authority, mission, accountability, and resources to coordinate, develop, and implement, applicable privacy requirements and manage privacy risks through the organization-wide privacy program. (PM-19 Control, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Assign an individual to the role of privacy official. The privacy official is the individual who oversees privacy-related matters in the PIV system and is responsible for implementing the privacy requirements in the Standard. The individual serving in this role SHALL NOT assume any other operational… (2.11 ¶ 3 Bullet 1, FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors)
  • Work with organization senior management to establish an organization-wide Privacy Oversight Committee (T0869, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Provide leadership for the organization's privacy program (T0887, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Work with organization senior management to establish an organization-wide Privacy Oversight Committee (T0869, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Provide leadership for the organization's privacy program (T0887, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Appoint a senior agency official for privacy with the authority, mission, accountability, and resources to coordinate, develop, and implement, applicable privacy requirements and manage privacy risks through the organization-wide privacy program. (PM-19 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Appoint a senior agency official for privacy with the authority, mission, accountability, and resources to coordinate, develop, and implement, applicable privacy requirements and manage privacy risks through the organization-wide privacy program. (PM-19 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Agency Privacy Programs. In order to manage Federal information resources that involve PII, agencies must develop, implement, document, maintain, and oversee agency-wide privacy programs that include people, processes, and technologies. Agencies' privacy programs are led by the Senior Agency Officia… (Section VII (A) ¶ 3, OMB Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control)