Security exploits and errors exist in systems that are implemented due to a lack of information security practices.
The organization:
a. Confirms to the greatest extent practicable upon collection or creation of personally identifiable information (PII), the accuracy, relevance, timeliness, and completeness of that information;
b. Collects PII directly from the individual to the greatest extent practicable;
c. Checks for, and corrects as necessary, any inaccurate or outdated PII used by its programs or systems [Assignment: organization-defined frequency]; and
d. Issues guidelines ensuring and maximizing the quality, utility, objectivity, and integrity of disseminated information.
(1) DATA QUALITY | VALIDATE PII
The organization requests that the individual or individual’s authorized representative validate PII during the collection process.
(2) DATA QUALITY | RE-VALIDATE PII
The organization requests that the individual or individual’s authorized representative revalidate that PII collected is still accurate [Assignment: organization-defined frequency].
PII data is automatically sourced for information security repositories, and if not is analyzed for appropriateness as applicable.
No statewide control
Obtain data privacy policy and procedures; other relevant documents or records and ascertain if:
(I) the organization has implemented mechanisms to ensure the accuracy, relevance, timeliness, and completeness of PII;
(ii) the organization collects PII directly from the individual to the greatest extent practicable;
(iii) the organization checks for, and corrects as necessary, any inaccurate or outdated PII used by its programs or systems on a periodic basis;
(iv) the organization issues guidelines ensuring and maximizing the quality, utility, objectivity, and integrity of disseminated information;
(v) the organization requests that the individual or individual’s authorized representative validate PII during the collection process and revalidate that PII collected is still accurate on a periodic basis.