Back

Include the consequences of refusing to provide required information in the privacy policy.


CONTROL ID
13111
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Define what is included in the privacy policy., CC ID: 00404

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • the choices, if any, individuals may have regarding how the organization uses PII and the consequences of exercising or not exercising those choices; and (TR-1a.(iii), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • An operator may satisfy the requirement of paragraph (5) by providing a clear and conspicuous hyperlink in the operator's privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice. (§ 22575(b)(7), California Civil Code, Division 8, Chapter 22, § 22575 to 22579 -Internet Privacy Requirements)
  • whether the collection of information is voluntary or required, and the consequences, if any, of a refusal to provide the required information; and (§ 203.1(f), New York State Technology Law, Article 2 Internet Security and Privacy Act)