Back

Include dispute resolution quality measures in the Statement of Compliance.


CONTROL ID
12533
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Include a description of the organization's privacy policy in the Statement of Compliance., CC ID: 12362

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Secondly, individuals can also bring a complaint directly to the independent dispute resolution body (either in the United States or in the Union) designated by an organisation to investigate and resolve individual complaints (unless they are obviously unfounded or frivolous) and to provide appropri… (2.4 (70), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • the relevant independent recourse mechanism(s) available to investigate unresolved Principles-related complaints. (III.6.b.viii., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • dispute resolution quality measures, such as the length of time taken to process complaints; and (III.11.d.iii.(3), EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Where the organization has chosen self-assessment, such verification must demonstrate that its privacy policy regarding personal information received from the EU is accurate, comprehensive, readily available, conforms to the Principles, and is completely implemented (i.e., is being complied with). I… (III.7.c., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Independent recourse mechanisms must publish an annual report providing aggregate statistics regarding their dispute resolution services. The annual report must include: (1) the total number of Privacy Shield-related complaints received during the reporting year; (2) the types of complaints received… (ยง III.11.d.iii., EU-U.S. Privacy Shield Framework Principles)
  • dispute resolution quality measures, such as the length of time taken to process complaints; and (iii.11.d.iii.(3), SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • the relevant independent recourse mechanism(s) available to investigate unresolved Principles-related complaints. (iii.6.b.viii., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Where the organization has chosen self-assessment, such verification must demonstrate that its privacy policy regarding personal information received from Switzerland is accurate, comprehensive, readily available, conforms to the Principles, and is completely implemented (i.e., is being complied wit… (iii.7.c., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • the relevant independent recourse mechanism(s) available to investigate unresolved Principles-related complaints. (III.6.b.viii., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • dispute resolution quality measures, such as the length of time taken to process complaints; and (III.11.d.iii.(3), UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Where the organization has chosen self-assessment, such verification must demonstrate that its privacy policy regarding personal information received from the EU is accurate, comprehensive, readily available, conforms to the Principles, and is completely implemented (i.e., is being complied with). I… (III.7.c., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)