TR-02-727 System of Records Notices and Privacy Act Statements
Transparency
Identify
Privacy and Confidentiality
NOT SELECTED
NA
No
Laws and regulations are violated due to an organization failing to provide notices and privacy statements on usage of customer data.
The organization:
a. Publishes System of Records Notices (SORNs) in the Federal Register, subject to required oversight processes, for systems containing personally identifiable information (PII);
b. Keeps SORNs current; and
c. Includes Privacy Act Statements on its forms that collect PII, or on separate forms that can be retained by individuals, to provide additional formal notice to individuals from whom the information is being collected.
(1) SYSTEM OF RECORDS NOTICES AND PRIVACY ACT STATEMENTS | PUBLIC WEBSITE PUBLICATION
The organization publishes SORNs on its public website.
Applicable federal systems comply with the System of Records Notices criteria.
No statewide control
Obtain the data privacy policy and procedures and other relevant documents or records, and ascertain if:
(i) the organization publishes System of Records Notices (SORNs) in the Federal Register, subject to required oversight processes, for systems containing personally identifiable information (PII);
(ii) the organization keeps SORNs current;
(iii) the organization includes Privacy Act Statements on its forms that collect PII, or on separate forms that can be retained by individuals, to provide additional formal notice to individuals from whom the information is being collected; and
(iv) the organization publishes SORNs on its public website.