Establish, implement, and maintain a personal data accountability program.
CONTROL ID 13432
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a privacy framework that protects restricted data., CC ID: 11850
This Control has the following implementation support Control(s):
Assign ownership of the privacy program to the appropriate organizational role., CC ID: 11848
Require data controllers to be accountable for their actions., CC ID: 00470
Refrain from engaging other data processors absent written authorization from the data controller., CC ID: 12647
Establish, implement, and maintain Binding Corporate Rules for the international transfers of restricted data., CC ID: 12584
Notify the data controller of any changes in data processors., CC ID: 12648
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
The entity provides a privacy awareness program about its privacy policies and related matters, and provides specific training for selected personnel depending on their roles and responsibilities. (M1.2 Privacy awareness and training, Privacy Management Framework, Updated March 1, 2020)
Accountability: participation in self-regulatory organizations such as the Direct Marketing Association (TC-IM-220a.1. 6.7, Internet Media & Services Sustainability Accounting Standard, Version 2018-10, Version 2018-10)
Accountability: participation in self-regulatory organizations such as the Direct Marketing Association (TC-SI-220a.1. 6.7, Software & IT Services Sustainability Accounting Standard, Version 2018-10)
Accountability: participation in self-regulatory organizations such as the Direct Marketing Association (TC-TL-220a.1. 6.7, Telecommunication Services Sustainability Accounting Standard, Version 2018-10)
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles. (Schedule 1 4.1 Principle 1 - Accountability, Canada Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, Last amended on June 23, 2015)
are integrated into its general governance structure and establish and apply internal and external mechanisms of supervision; (Art. 50 ยง 2 I(f), Brazilian Law No. 13709, of August 14, 2018)