Back

Notify respondents after a privacy rights violation complaint investigation has been resolved.


CONTROL ID
13513
CONTROL TYPE
Communicate
CLASSIFICATION
Corrective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Investigate privacy rights violation complaints., CC ID: 00480

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • where subsection (1)(a) or (b) applies, whether the Commissioner is satisfied that the restriction imposed by the controller was lawful; (§ 51(4)(a), UK Data Protection Act 2018 Chapter 12)
  • where subsection (1)(c) applies, whether the Commissioner is satisfied that the controller's refusal of the data subject's request was lawful. (§ 51(4)(b), UK Data Protection Act 2018 Chapter 12)
  • where subsection (1)(a) or (b) applies, whether the Commissioner is satisfied that the restriction imposed by the controller was lawful; (§ 51(4)(a), UK Data Protection Act 2018 Chapter 12, Revised 06/06/2022)
  • where subsection (1)(c) applies, whether the Commissioner is satisfied that the controller's refusal of the data subject's request was lawful. (§ 51(4)(b), UK Data Protection Act 2018 Chapter 12, Revised 06/06/2022)
  • Each complaint is addressed and the resolution is documented and communicated to the individual. (M9.1 Documents and communicates dispute resolution and recourse, Privacy Management Framework, Updated March 1, 2020)
  • Once the review is completed, the ODNI CLPO informs the complainant, through the national authority, that "the review either did not identify any covered violations or the ODNI CLPO issued a determination requiring appropriate remediation". This allows protection of the confidentiality of activities… (3.2.3 (183), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Each complaint is addressed, and the resolution is documented and communicated to the individual. (P8.1 ¶ 2 Bullet 3 Documents and Communicates Dispute Resolution and Recourse, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Each complaint is addressed, and the resolution is documented and communicated to the individual. (P8.1 Documents and Communicates Dispute Resolution and Recourse, Trust Services Criteria)
  • Each complaint is addressed, and the resolution is documented and communicated to the individual. (P8.1 ¶ 2 Bullet 3 Documents and Communicates Dispute Resolution and Recourse, Trust Services Criteria, (includes March 2020 updates))
  • If the matter is resolved by informal means, the Secretary will so inform the covered entity or business associate and, if the matter arose from a complaint, the complainant, in writing. (§ 160.312(a)(2), 45 CFR Part 160 - General Administrative Requirements)
  • Resolution when no violation is found. If, after an investigation pursuant to §160.306 or a compliance review pursuant to §160.308, the Secretary determines that further action is not warranted, the Secretary will so inform the covered entity or business associate and, if the matter arose from a c… (§ 160.312(b), 45 CFR Part 160 - General Administrative Requirements)
  • A controller shall establish a process for a consumer to appeal the controller's refusal to take action on a request within a reasonable period of time after the consumer's receipt of the decision pursuant to subdivision B 2. The appeal process shall be conspicuously available and similar to the pro… (§ 59.1-577.C., Code of Virginia Title 59.1, Chapter 53, Consumer Data Protection Act)