Establish, implement, and maintain a personal data accountability program.


CONTROL ID: 13432
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a privacy framework that protects restricted data., CC ID: 11850

This Control has the following implementation support Control(s):
  • Assign ownership of the privacy program to the appropriate organizational role., CC ID: 11848
  • Require data controllers to be accountable for their actions., CC ID: 00470
  • Refrain from engaging other data processors absent written authorization from the data controller., CC ID: 12647
  • Establish, implement, and maintain Binding Corporate Rules for the international transfers of restricted data., CC ID: 12584
  • Notify the data controller of any changes in data processors., CC ID: 12648


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The entity provides a privacy awareness program about its privacy policies and related matters, and provides specific training for selected personnel depending on their roles and responsibilities. (M1.2 Privacy awareness and training, Privacy Management Framework, Updated March 1, 2020)
  • Accountability: participation in self-regulatory organizations such as the Direct Marketing Association (TC-IM-220a.1. 6.7, Internet Media & Services Sustainability Accounting Standard, Version 2018-10)
  • Accountability: participation in self-regulatory organizations such as the Direct Marketing Association (TC-SI-220a.1. 6.7, Software & IT Services Sustainability Accounting Standard, Version 2018-10)
  • Accountability: participation in self-regulatory organizations such as the Direct Marketing Association (TC-TL-220a.1. 6.7, Telecommunication Services Sustainability Accounting Standard, Version 2018-10)
  • An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles. (Schedule 1 4.1 Principle 1 - Accountability, Canada Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, Last amended on June 23, 2015)
  • are integrated into its general governance structure and establish and apply internal and external mechanisms of supervision; (Art. 50 § 2 I(f), Brazilian Law No. 13709, of August 14, 2018)