SC-42(4)—Notice Of Collection
>Control Description
Employ the following measures to facilitate an individual's awareness that personally identifiable information is being collected by ⚙organization-defined sensors: ⚙organization-defined measures.
>Cross-Framework Mappings
>Supplemental Guidance
Awareness that organizational sensors are collecting data enables individuals to more effectively engage in managing their privacy. Measures can include conventional written notices and sensor configurations that make individuals directly or indirectly aware through other devices that the sensor is collecting information. The usability and efficacy of the notice are important considerations.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of notice of collection?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-42(4)?
Technical Implementation:
- •How is notice of collection technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that notice of collection remains effective as the system evolves?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-42(4)?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
Ask AI
Configure your API key to use AI features.