PRI — Data Privacy
102 controls in the Data Privacy domain
PRI-01Data Privacy Program
PRI-01.1Chief Privacy Officer (CPO)
PRI-01.2Privacy Act Statements
PRI-01.3Dissemination of Data Privacy Program Information
PRI-01.4Data Protection Officer (DPO)
PRI-01.5Binding Corporate Rules (BCR)
PRI-01.6Security of Personal Data (PD)
PRI-01.7Limiting Personal Data (PD) Disclosures
PRI-01.8Data Fiduciary
PRI-01.9Personal Data (PD) Process Manager
PRI-01.10Financial Incentives For Personal Data (PD)
PRI-01.11Reasonable Data Privacy Practices
PRI-02Data Privacy Notice
PRI-02.1Purpose Specification
PRI-02.2Automated Data Management Processes
PRI-02.3Computer Matching Agreements (CMA)
PRI-02.4System of Records Notice (SORN)
PRI-02.5System of Records Notice (SORN) Review Process
PRI-02.6Privacy Act Exemptions
PRI-02.7Real-Time or Layered Notice
PRI-02.8Purpose Compatibility
PRI-02.9Privacy Notice Formatting
PRI-02.10Symmetry In Choice
PRI-02.11Choice Architecture
PRI-02.12Choice Architecture Testing
PRI-02.13Notice of Right To Limit
PRI-02.14Alternative Means To Deliver Privacy Notice
PRI-03Choice & Consent
PRI-03.1Tailored Consent
PRI-03.2Just-In-Time Notice & Updated Consent
PRI-03.3Prohibition of Selling, Processing and/or Sharing Personal Data (PD)
PRI-03.4Revoke Consent
PRI-03.5Product or Service Delivery Restrictions
PRI-03.6Authorized Agent
PRI-03.7Active Participation By Data Subjects
PRI-03.8Global Privacy Control (GPC)
PRI-03.9Continued Use of Personal Data (PD)
PRI-03.10Cease Processing, Storing and/or Sharing Personal Data (PD)
PRI-03.11Communicating Processing Changes
PRI-03.12Data Subject Opt-In Consent
PRI-03.13Parent or Guardian Opt-In Consent For Minors
PRI-04Restrict Collection To Identified Purpose
PRI-04.1Authority To Collect, Process, Store & Share Personal Data (PD)
PRI-04.2Primary Sources
PRI-04.3Identifiable Image Collection
PRI-04.4Acquired Personal Data (PD)
PRI-04.5Validate Collected Personal Data (PD)
PRI-04.6Re-Validate Collected Personal Data (PD)
PRI-04.7Personal Data (PD) Collection Methods
PRI-05Personal Data (PD) Retention & Disposal
PRI-05.1Internal Use of Personal Data (PD) For Testing, Training and Research
PRI-05.2Personal Data (PD) Accuracy & Integrity
PRI-05.3Data Masking
PRI-05.4Usage Restrictions of Personal Data (PD)
PRI-05.5Inventory of Personal Data (PD)
PRI-05.6Personal Data (PD) Inventory Automation Support
PRI-05.7Personal Data (PD) Categories
PRI-05.8Personal Data (PD) Formats
PRI-06Data Subject Empowerment
PRI-06.1Correcting Inaccurate Personal Data (PD)
PRI-06.2Notice of Correction or Processing Change
PRI-06.3Appeal Adverse Decision
PRI-06.4User Feedback Management
PRI-06.5Right to Erasure
PRI-06.6Data Portability
PRI-06.7Personal Data (PD) Exports
PRI-06.8Data Subject Authentication
PRI-07Information Sharing With Third Parties
PRI-07.1Data Privacy Requirements for Contractors & Service Providers
PRI-07.2Joint Processing of Personal Data (PD)
PRI-07.3Obligation To Inform Third-Parties
PRI-07.4Reject Unauthenticated or Untrustworthy Disclosure Requests
PRI-07.5Justification To Reject Disclosure Requests
PRI-08Testing, Training & Monitoring
PRI-09Personal Data (PD) Lineage
PRI-10Data Quality Management
PRI-10.1Data Quality Automation
PRI-10.2Data Analytics Bias
PRI-11Data Tagging
PRI-12Updating Personal Data (PD) Process
PRI-12.1Enabling Data Subjects To Update Personal Data (PD)
PRI-13Data Management Board
PRI-14Documenting Data Processing Activities
PRI-14.1Accounting of Disclosures
PRI-14.2Notification of Disclosure Request To Data Subject
PRI-15Register As A Data Controller and/or Data Processor
PRI-16Potential Human Rights Abuses
PRI-17Data Subject Communications
PRI-17.1Conspicuous Link To Data Privacy Notice
PRI-17.2Notice of Financial Incentive
PRI-17.3Data Subject Communications Documentation
PRI-17.4Data Subject Communications Metrics
PRI-17.5Data Subject Communications Disclosure
PRI-18Data Controller Communications
PRI-19Automated Decision-Making Technology (ADMT) For Data Subject Actions
PRI-19.1Automated Decision-Making Technology (ADMT) Use Notification
PRI-19.2Automated Decision-Making Technology (ADMT) Opt-Out Consent
PRI-19.3Automated Decision-Making Technology (ADMT) Transparency
PRI-20Data Brokers
PRI-21Notice of Right To Opt-Out
PRI-21.1Opt-Out Links
PRI-21.2Alternative Out-Out Link