DM-03-727 Minimization of PII Used In Testing, Training, And Research

Minimization of PII Used In Testing, Training, And Research

DM-03-727
Minimization of PII Used In Testing, Training, And Research
Data Minimization and Retention
Identify
Privacy and Confidentiality
NOT SELECTED
NA
No
Laws and regulations are violated as a result of lack of controls over use of personally identifiable information (PII) in testing, training and research
The organization: a. Develops policies and procedures that minimize the use of personally identifiable information (PII) for testing, training, and research; and b. Implements controls to protect PII used for testing, training, and research.
A privacy impact assessment determines the extent and nature of PII in the organization, and appropriate handling mechanisms are defined.
No statewide control
Obtain data privacy policy and procedures; other relevant documents or records and ascertain if: (I) the organization develops policies and procedures that minimize the use of personally identifiable information (PII) for testing, training, and research; and (ii) the organization implements controls to protect PII used for testing, training, and research.