IP-03-727 Redress

Redress

IP-03-727
Redress
Individual Participation and Redress
Identify
Privacy and Confidentiality
NOT SELECTED
NA
No
Violations to privacy laws, and regulations cannot be enforced due to ill-defined policy.
The organization: a. Provides a process for individuals to have inaccurate personally identifiable information (PII) maintained by the organization corrected or amended, as appropriate; and b. Establishes a process for disseminating corrections or amendments of the PII to other authorized users of the PII, such as external information-sharing partners and, where feasible and appropriate, notifies affected individuals that their information has been corrected or amended.
Users may access applicable information through the concept of least privilege.
No statewide control
Obtain data privacy policy and procedures; other relevant documents or records and ascertain if: (I) the organization provides a process for individuals to have inaccurate personally identifiable information (PII) maintained by the organization corrected or amended, as appropriate; and (ii) the organization establishes a process for disseminating corrections or amendments of the PII to other authorized users of the PII, such as external information-sharing partners and, where feasible and appropriate, notifies affected individuals that their information has been corrected or amended.