Back

Define the information being collected in the privacy policy.


CONTROL ID
13115
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Define what is included in the privacy policy., CC ID: 00404

This Control has the following implementation support Control(s):
  • Define which collection of information is voluntary and which is required in the privacy policy., CC ID: 13110
  • Include the means by which information is collected in the privacy policy., CC ID: 13114


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Purposes of collection and use of personal information, items of personal information collected, and methods of collection; (Article 27-2(2)(1), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • the kinds of personal information that the entity collects and holds; (Schedule 1 Part 1 Clause 1 Subclause 1.4(a), Australian Privacy Act 1988, Compilation No. 77)
  • the purposes for which the entity collects, holds, uses and discloses personal information; (Schedule 1 Part 1 Clause 1 Subclause 1.4(c), Australian Privacy Act 1988, Compilation No. 77)
  • The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected. (Schedule 1 4.2 Principle 2 - Identifying Purposes, Canada Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, Last amended on June 23, 2015)
  • The categories of nonpublic personal financial information that the licensee collects; (Section 7.A(1), Privacy of Consumer Financial and Health Information Regulation, NAIC MDL-672, Q2 2017)
  • Identify the categories of personally identifiable information that the operator collects through the Web site or online service about individual consumers who use or visit its commercial Web site or online service and the categories of third-party persons or entities with whom the operator may shar… (§ 22575(b)(1), California Civil Code, Division 8, Chapter 22, § 22575 to 22579 -Internet Privacy Requirements)
  • Identify the categories of personally identifiable information that the operator collects through the internet website, online or cloud computing service, online application, or mobile application about users of its commercial internet website, online or cloud computing service, online application, … (§ 1205C(b)(1), Delaware Code, Title 6, Commerce and Trade, Subtitle II, Other Laws Relating to Commerce and Trade, Chapter 12C, Online and Personal Privacy Protection)
  • a statement of any information, including personal information, the state agency website will collect with respect to the user and the use of the information; (§ 203.1(a), New York State Technology Law, Article 2 Internet Security and Privacy Act)
  • Specify in the privacy notice described in subsection (4) of this section the express purposes for which the controller is collecting and processing personal data; (Section 5 (1)(a), 82nd Oregon Legislative Assembly, Senate Bill 619)