PT-2(1)—Data Tagging
>Control Description
Attach data tags containing ⚙organization-defined authorized processing to ⚙organization-defined elements of personally identifiable information.
>Cross-Framework Mappings
>Supplemental Guidance
Data tags support the tracking and enforcement of authorized processing by conveying the types of processing that are authorized along with the relevant elements of personally identifiable information throughout the system. Data tags may also support the use of automated tools.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern data tagging in organizational systems?
- •Who is responsible for implementing and overseeing data tagging controls?
- •How does the organization ensure data tagging complies with privacy laws and regulations?
- •What process exists for documenting and maintaining data tagging?
- •What governance exists for monitoring and enforcing data tagging requirements?
Technical Implementation:
- •What systems or tools technically implement data tagging?
- •How are data tagging requirements enforced in PII processing systems?
- •What privacy-enhancing technologies support data tagging?
- •How is data tagging integrated with data governance and privacy tools?
- •What technical controls prevent violations of data tagging requirements?
Evidence & Documentation:
- •Provide documented policies and procedures for data tagging.
- •Provide evidence of data tagging implementation in PII systems.
- •Provide documentation demonstrating compliance with data tagging requirements.
- •Provide records of data tagging reviews and updates.
- •Provide privacy impact assessments or other documentation addressing data tagging.
Ask AI
Configure your API key to use AI features.