Include a description of the organization's privacy policy in the Statement of Compliance.


CONTROL ID: 12362
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Statement of Compliance., CC ID: 12499

This Control has the following implementation support Control(s):
  • Include the privacy programs the organization is a member of in the Statement of Compliance., CC ID: 16818
  • Include the outcomes of privacy rights violation complaints received in the Statement of Compliance., CC ID: 12534
  • Include dispute resolution quality measures in the Statement of Compliance., CC ID: 12533
  • Include the type of privacy rights violation complaints received in the Statement of Compliance., CC ID: 12532
  • Include the number of privacy rights violation complaints received in the Statement of Compliance., CC ID: 12530


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • regularly publishing social responsibility reports on personal information protection for public supervision. (Article 58 ¶ 1(4), Personal Information Protection Law of the People's Republic of China)
  • The FTC can investigate compliance with the Principles, as well as false claims of adherence to the Principles or participation in the EU-U.S. DPF by organisations which either are no longer on the DPF List or have never certified. The FTC can enforce compliance by seeking administrative or federal … (2.3.4 (61), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • The entity shall discuss the degree to which its policies and practices address similar issues as those outlined in the U.S. Office of Management and Budget's (OMB) "Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (M-03-22)," including use of Privacy Impact Assessme… (TC-SI-220a.1. 3, Software & IT Services Sustainability Accounting Standard, Version 2018-10)
  • a description of the organization’s relevant privacy policy/ies for such personal information, including: (III.6.b.iii., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Where the organization wishes its EU-U.S. DPF benefits to cover human resources information transferred from the EU for use in the context of the employment relationship, it may do so where a statutory body listed in the Principles or a future annex to the Principles has jurisdiction to hear claims … (III.6.c., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • description of the organization's privacy policy for such personal information, including: (§ III.6.b.iii., EU-U.S. Privacy Shield Framework Principles)
  • The Department will maintain the Privacy Shield List of organizations that file completed self-certification submissions, thereby assuring the availability of Privacy Shield benefits, and will update such list on the basis of annual self-recertification submissions and notifications received pursuan… (§ III.6.d., EU-U.S. Privacy Shield Framework Principles)
  • a description of the organization's relevant privacy policy/ies for such personal information, including: (iii.6.b.iii., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Where the organization wishes its Swiss-U.S. DPF benefits to cover human resources information transferred from Switzerland for use in the context of the employment relationship, it may do so where a statutory body listed in the Principles or a future annex to the Principles has jurisdiction to hear… (iii.6.c., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • a description of the organization’s relevant privacy policy/ies for such personal information, including: (III.6.b.iii., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Where the organization wishes its EU-U.S. DPF benefits to cover human resources information transferred from the EU for use in the context of the employment relationship, it may do so where a statutory body listed in the Principles or a future annex to the Principles has jurisdiction to hear claims … (III.6.c., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)