Establish, implement, and maintain a privacy dispute resolution program.


CONTROL ID
12526
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
  • Develop remedies and sanctions for privacy policy violations., CC ID: 00474

This Control has the following implementation support Control(s):
  • Include potential remedies in the privacy dispute resolution program., CC ID: 12531
  • Provide the data subject with the name, title, and address to whom complaints are forwarded., CC ID: 00395
  • Include the time frames in which privacy rights violation complaints are processed in the privacy dispute resolution program., CC ID: 12529
  • Document unresolved challenges., CC ID: 13568
  • Establish, implement, and maintain an accuracy resolution policy., CC ID: 00460
  • Notify individuals of their right to challenge personal data., CC ID: 00457
  • Notify third parties of unresolved challenges., CC ID: 13559
  • Document disagreements as to whether personal data is complete and accurate., CC ID: 06952


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
  • A Data Fiduciary shall establish an effective mechanism to redress the grievances of Data Principals. (§ 8.(10), Digital Personal Data Protection Act, 2023, August 11, 2023)
  • Every provider of telecommunications billing services may install and operate an institution or organization that voluntary resolves disputes to protect rights and interests of users. (Article 59(1), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • A provider of information and communications services or similar shall, in receipt of a request for correction of an error in accordance with paragraph (2), correct the error, notify the user of the reasons why it is unable to correct the error, if it is the case, or take any other necessary measure… (Article 30(5), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • A provider of information and communications services shall, upon receiving a request for deletion or rebuttal of the information under paragraph (1), delete the information, take a temporary measure, or any other necessary measure, and shall notify the applicant and the publisher of the information… (Article 44-2(2), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • develop a process to receive and respond to complaints that may arise with respect to the application of this Act; (Part III Section 12 ¶ 1(b), Singapore Personal Data Protection Act 2012 (No. 26 of 2012))
  • develop a process to receive and respond to complaints that may arise with respect to the application of this Act; (§ 12.(b), Singapore Personal Data Protection Act 2012 (No. 26 of 2012), Revised Edition 2021)
  • Where appropriate and without prejudice to the right to bring proceedings before a court in accordance with national procedural law, the reply from the competent authorities shall inform the complainant of the existence of the ADR procedures set up in accordance with Article 102. (Art 99(2), DIRECTIVE (EU) 2015/2366 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC)
  • out-of-court proceedings and other dispute resolution procedures for resolving disputes between controllers and data subjects with regard to processing, without prejudice to the rights of data subjects pursuant to Articles 77 and 79. (Art. 40.2.(k), Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation))
  • The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions r… (M9.1, Privacy Management Framework, Updated March 1, 2020)
  • In any event, in areas where companies most likely resort to the automated processing of personal data to take decisions affecting the individual (e.g. credit lending, mortgage offers, employment, housing and insurance), U.S. law offers specific protections against adverse decisions. These acts typi… (2.2.5 (35), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Consequently, the EU-U.S. DPF provides data subjects with a number of possibilities to enforce their rights, lodge complaints regarding non-compliance by EU-U.S. organisations and to have their complaints resolved, if necessary by a decision providing an effective remedy. Individuals can bring a com… (2.4 (68), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • The EU-U.S. DPF, through the Recourse, Enforcement and Liability Principle, requires organisations to provide recourse for individuals who are affected by non-compliance and thus the possibility for Union data subjects to lodge complaints regarding non-compliance by EU-U.S. DPF organisations and to … (2.4 (66), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • The entity implements a process for receiving, addressing, resolving, and communicating the resolution of inquiries, complaints, and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions… (P8.1 ¶ 1, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance. (Schedule 1 4.10 Principle 10 - Challenging Compliance, Canada Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, Last amended on June 23, 2015)
  • The entity implements a process for receiving, addressing, resolving, and communicating the resolution of inquiries, complaints, and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions… (P8.1, Trust Services Criteria)
  • The entity implements a process for receiving, addressing, resolving, and communicating the resolution of inquiries, complaints, and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions… (P8.1 ¶ 1, Trust Services Criteria, (includes March 2020 updates))
  • Give the parent or eligible student, upon request, an opportunity for a hearing under subpart C. (§ 99.34(a)(3), 34 CFR Part 99, Family Education Rights Privacy Act (FERPA))
  • procedures in the case of disputed accuracy of the information. (§ 1128E(c)(1)(B), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, 104th Congress)
  • Independent recourse mechanisms must include on their public websites information regarding the Privacy Shield Principles and the services that they provide under the Privacy Shield. This information must include: (1) information on or a link to the Privacy Shield Principles' requirements for indepe… (§ III.11.d.ii., EU-U.S. Privacy Shield Framework Principles)
  • Give the parent or eligible student, upon request, an opportunity for a hearing under subpart C. (§ 99.34(a)(3), 34 CFR Part 99, Family Educational Rights and Privacy)
  • Controllers and processors, within the scope of their competences, concerning processing of personal data, individually or in associations, may formulate rules for good practice and governance that set forth conditions of organization, a regime of operation, procedures, including for complaints and … (Art. 50, Brazilian Law No. 13709, of August 14, 2018)