Mechanisms exist to limit the disclosure of Personal Data (PD) to authorized parties for the sole purpose for which the PD was obtained.
Mechanisms exist to: ▪ Make data privacy notice(s) available to individuals upon first interacting with an organization and subsequently as necessary; ▪ Ensure that data privacy notices are clear and easy-to-understand, expressing information about Personal Data (PD) processing in plain language that meet all legal obligations; and ▪ Define the scope of PD processing activities, including the geographic locations and third-party recipients that process the PD within the scope of the data privacy notice.
Mechanisms exist to identify and document the purpose(s) for which Personal Data (PD) is collected, used, maintained and shared in its data privacy notices.
Automated mechanisms exist to adjust data that is able to be collected, created, used, disseminated, maintained, retained and/or disclosed, based on updated data subject authorization(s).
Mechanisms exist to publish Computer Matching Agreements (CMA) on the public website of the organization.
Mechanisms exist to draft, publish and keep System of Records Notices (SORN) updated in accordance with regulatory guidance.
Mechanisms exist to review all routine uses of data published in the System of Records Notices (SORN) to ensure continued accuracy and to ensure that routine uses continue to be compatible with the purpose for which the information was collected.
Mechanisms exist to review all Privacy Act exemptions claimed for the System of Records Notices (SORN) to ensure they remain appropriate and accurate.
Mechanisms exist to provide real-time and/or layered notice when Personal Data (PD) is collected that provides data subjects with a summary of key points or more detailed information that is specific to the organization's data privacy notice.
Mechanisms exist to authorize the processing of their Personal Data (PD) prior to its collection that: ▪ Uses plain language and provide examples to illustrate the potential data privacy risks of the authorization; and ▪ Provides a means for users to decline the authorization.
Passcode