TR-03-727 Dissemination of Privacy Program Information

Dissemination of Privacy Program Information

Control ID

TR-03-727

Control Name

Dissemination of Privacy Program Information

Control Category

Transparency

Functional Areas

Identify

Sub-Areas

Privacy and Confidentiality

NIST Baseline Level(s)

NOT SELECTED

NIST Priority

State Implementation Required

Agency Last Implemented Date

Risk Statement

Absence of privacy communication and reporting processes leading to policy violations and security breaches.

Control Description

The organization: a. Ensures that the public has access to information about its privacy activities and is able to communicate with its Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO); and b. Ensures that its privacy practices are publicly available through organizational websites or otherwise.

Control Example

A privacy impact officer is identified for the organization (as applicable).

State Implementation

No statewide control

Testing Procedures

Obtain data privacy policy and procedures; other relevant documents or records and ascertain if: (I) the organization ensures that the public has access to information about its privacy activities and is able to communicate with its Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO); and (ii) the organization ensures that its privacy practices are publicly available through organizational websites or otherwise.