Back

Cooperate with authorities during a privacy rights violation complaint investigation.


CONTROL ID
14364
CONTROL TYPE
Business Processes
CLASSIFICATION
Corrective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Investigate privacy rights violation complaints., CC ID: 00480

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Thirdly, individuals may also bring their complaints to a national DPA in the Union, which may make use of their investigatory and remedial powers under Regulation (EU) 2016/679. Organisations are obliged to cooperate in the investigation and the resolution of a complaint by a DPA either when it con… (2.4 (73), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Firstly, upon request of a federal law enforcement officer or an attorney for the government, a judge may issue a warrant for a search or seizure (including of electronically stored information). Such a warrant may only be issued if there is 'probable cause that 'seizable items' (evidence of a crime… (3.1.1.1 (92), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Secondly, a subpoena may be issued by a grand jury (an investigative arm of the court impanelled by a judge or magistrate) in the context of investigations of certain serious crimes, usually at the request of a federal prosecutor, to require someone to produce or make available business records, ele… (3.1.1.1 (93), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • When conducting its review, the ODNI CLPO has access to the information for his/her assessment and can rely on the compelled assistance of Privacy and Civil Liberties Officers in the different intelligence agencies. Intelligence agencies are prohibited from impeding or improperly influencing the ODN… (3.2.3 (180), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • will cooperate with the DPAs in the investigation and resolution of complaints brought under the Principles; and (III.5.b.ii., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Organizations and their selected independent recourse mechanisms will respond promptly to inquiries and requests by the Department for information relating to the EU-U.S. DPF. All organizations must respond expeditiously to complaints regarding compliance with the Principles referred by EU Member St… (II.7.b., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • A U.S. organization participating in the EU-U.S. DPF that uses EU human resources data transferred from the EU in the context of the employment relationship and that wishes such transfers to be covered by the EU-U.S. DPF must therefore commit to cooperate in investigations by and to comply with the … (III.9.d.ii., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Organizations and their selected independent recourse mechanisms will respond promptly to inquiries and requests by the Department for information relating to the Swiss-U.S. DPF. All organizations must respond expeditiously to complaints regarding compliance with the Principles referred by the FDPIC… (ii.7.b, SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • will cooperate with the FDPIC in the investigation and resolution of complaints brought under the Principles; and (iii.5.b.ii., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • A U.S. organization participating in the Swiss-U.S. DPF that uses Swiss human resources data transferred from Switzerland in the context of the employment relationship and that wishes such transfers to be covered by the Swiss-U.S. DPF must therefore commit to cooperate in investigations by and to co… (iii.9.d.ii., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • will cooperate with the DPAs in the investigation and resolution of complaints brought under the Principles; and (III.5.b.ii., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Organizations and their selected independent recourse mechanisms will respond promptly to inquiries and requests by the Department for information relating to the EU-U.S. DPF. All organizations must respond expeditiously to complaints regarding compliance with the Principles referred by EU Member St… (II.7.b., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • A U.S. organization participating in the EU-U.S. DPF that uses EU human resources data transferred from the EU in the context of the employment relationship and that wishes such transfers to be covered by the EU-U.S. DPF must therefore commit to cooperate in investigations by and to comply with the … (III.9.d.ii., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Cooperate with complaint investigations and compliance reviews. A covered entity or business associate must cooperate with the Secretary, if the Secretary undertakes an investigation or compliance review of the policies, procedures, or practices of the covered entity or business associate to determi… (§ 160.310(b), 45 CFR Part 160 - General Administrative Requirements)
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities; (§ 6-1-1304 (3)(a)(II), Colorado Revised Statutes, Title 6, Article 1, Part 13, Colorado Privacy Act)
  • Cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local law; (§ 6-1-1304 (3)(a)(III), Colorado Revised Statutes, Title 6, Article 1, Part 13, Colorado Privacy Act)
  • comply with a civil, criminal or regulatory inquiry, investigation, subpoena or summons by federal, state, municipal or other governmental authorities; (§ 10 (a)(2), Connecticut Public Act No. 22-15, An Act Concerning Personal Data Privacy and Online Monitoring)
  • cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state or municipal ordinances or regulations; (§ 10 (a)(3), Connecticut Public Act No. 22-15, An Act Concerning Personal Data Privacy and Online Monitoring)
  • comply with a civil, criminal or regulatory inquiry, investigation, subpoena or summons by federal, state, municipal or other governmental authorities; (§ 10 (a)(2), Connecticut Public Act No. 22-15, An Act Concerning Personal Data Privacy and Online Monitoring)
  • cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state or municipal ordinances or regulations; (§ 10 (a)(3), Connecticut Public Act No. 22-15, An Act Concerning Personal Data Privacy and Online Monitoring)
  • Cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations. (§ 12D-110.(a)(3), Delaware Code, Title 6, Subtitle II, Chapter 12D. Delaware Personal Data Privacy Act)
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities. (§ 12D-110.(a)(2), Delaware Code, Title 6, Subtitle II, Chapter 12D. Delaware Personal Data Privacy Act)
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities. (§ 12D-110.(a)(2), Delaware Code, Title 6, Subtitle II, Chapter 12D. Delaware Personal Data Privacy Act)
  • Cooperate with law-enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations. (§ 12D-110.(a)(3), Delaware Code, Title 6, Subtitle II, Chapter 12D. Delaware Personal Data Privacy Act)
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities. (§ 501.716(1)(b), Florida Statutes, Title XXXIII, Chapter 501, Sections 701-721, Florida Digital Bill of Rights)
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities. (§ 501.716(1)(b), Florida Statutes, Title XXXIII, Chapter 501, Sections 701-721, Florida Digital Bill of Rights)
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by a federal, state, local, or other governmental authority. (IC 24-15-8-1(a)(2), Indiana Code, Title 24, Article 15, Consumer Data Protection)
  • Cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations. (IC 24-15-8-1(a)(3), Indiana Code, Title 24, Article 15, Consumer Data Protection)
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by a federal, state, local, or other governmental authority. (IC 24-15-8-1(a)(2), Indiana Code, Title 24, Article 15, Consumer Data Protection)
  • Cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations. (IC 24-15-8-1(a)(3), Indiana Code, Title 24, Article 15, Consumer Data Protection)
  • Cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations. (§ 715D.7.1.c., Iowa Code Annotated, Section 715D, An Act Relating to Consumer Data Protection, Providing Civil Penalties, and Including Effective Date Provisions)
  • Cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations. (§ 715D.7.1.c., Iowa Code Annotated, Section 715D, An Act Relating to Consumer Data Protection, Providing Civil Penalties, and Including Effective Date Provisions)
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities. (§ 715D.7.1.b., Iowa Code Annotated, Section 715D, An Act Relating to Consumer Data Protection, Providing Civil Penalties, and Including Effective Date Provisions)
  • Notwithstanding section 3, notice may be delayed if a law enforcement agency determines that provision of such notice may impede a criminal investigation and has notified the attorney general, in writing, thereof and informs the person or agency of such determination. If notice is delayed due to suc… (Section 4 ¶ 1, Massachusetts General Law Title XV Chapter 93H, Security Breaches)
  • cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or municipal ordinances or regulations; (§ Section 11. (1)(c), Montana Consumer Data Privacy Act)
  • comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, municipal, or other government authorities; (§ Section 11. (1)(b), Montana Consumer Data Privacy Act)
  • cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or municipal ordinances or regulations; (§ Section 11. (1)(c), Montana Consumer Data Privacy Act 2023)
  • comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, municipal, or other government authorities; (§ Section 11. (1)(b), Montana Consumer Data Privacy Act 2023)
  • Comply with a civil, criminal or regulatory inquiry, investigation, subpoena or summons by federal, state, municipal or other governmental authorities; (§ 507-H:10 I.(b), New Hampshire Statutes, Title LII, Chapter 507-H, Expectation of Privacy)
  • Cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state or municipal ordinances or regulations; (§ 507-H:10 I.(c), New Hampshire Statutes, Title LII, Chapter 507-H, Expectation of Privacy)
  • Complying with a federal, state or local governmental inquiry, investigation, subpoena or summons related to a civil, criminal or administrative proceeding; (Section 2 (3)(b), 82nd Oregon Legislative Assembly, Senate Bill 619)
  • Cooperating with a law enforcement agency concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state or local statutes, ordinances, rules or regulations; (Section 2 (3)(c), 82nd Oregon Legislative Assembly, Senate Bill 619)
  • The notification required by this section may be delayed if a federal, state, or local law enforcement agency determines that the notification will impede a criminal investigation. The federal, state, or local law enforcement agency must notify the municipal agency, state agency, or person of the re… (§ 11-49.3-4. (b), Rhode Island General Laws Title 11 Chapter 49.3, Sections 4 thru 7, Notification of Breach)
  • Cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations; (§ 47-18-3208.(a)(3), Tennessee Code Annotated, Title 47, Chapter 18, Parts 3201 through 3213, Tennessee Information Protection Act)
  • Cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations; (§ 47-18-3208.(a)(3), Tennessee Code Annotated, Title 47, Chapter 18, Parts 3201 through 3213, Tennessee Information Protection Act)
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities; (§ 47-18-3208.(a)(2), Tennessee Code Annotated, Title 47, Chapter 18, Parts 3201 through 3213, Tennessee Information Protection Act)
  • comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities; (§ 541.201 (a)(2), Texas Business and Commercial Code, Title 11, Subtitle C, Chapter 541, Subchapter A, Section 541)
  • comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by a federal, state, local, or other governmental entity; (13-61-304 (1)(b), Utah Code, Title 13, Chapter 61, Utah Consumer Privacy Act)
  • cooperate with a law enforcement agency concerning activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations; (13-61-304 (1)(c), Utah Code, Title 13, Chapter 61, Utah Consumer Privacy Act)
  • comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by a federal, state, local, or other governmental entity; (13-61-304 (1)(b), Utah Code, Title 13, Chapter 61, Utah Consumer Privacy Act)
  • cooperate with a law enforcement agency concerning activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations; (13-61-304 (1)(c), Utah Code, Title 13, Chapter 61, Utah Consumer Privacy Act)
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities; (§ 59.1-582.A.2., Code of Virginia Title 59.1, Chapter 53, Consumer Data Protection Act)
  • Cooperate with law-enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations; (§ 59.1-582.A.3., Code of Virginia Title 59.1, Chapter 53, Consumer Data Protection Act)
  • Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities; (§ 59.1-582.A.2., Code of Virginia Title 59.1, Chapter 53, Consumer Data Protection Act, April 11, 2022)
  • Cooperate with law-enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations; (§ 59.1-582.A.3., Code of Virginia Title 59.1, Chapter 53, Consumer Data Protection Act, April 11, 2022)