SCF - PRI-01.2 - Privacy Act Statements
Mechanisms exist to provide additional formal notice to individuals from whom the information is being collected that includes:
- Notice of the authority of organizations to collect Personal Data (PD);
- Whether providing Personal Data (PD) is mandatory or optional;
- The principal purpose or purposes for which the Personal Data (PD) is to be used;
- The intended disclosures or routine uses of the information; and
- The consequences of not providing all or some portion of the information requested.
Mapped framework controls
SOC 2
- P1.1
Control questions
Does the organization provide additional formal notice to individuals from whom the information is being collected that includes:
- Notice of the authority of organizations to collect Personal Data (PD);
- Whether providing Personal Data (PD) is mandatory or optional;
- The principal purpose or purposes for which the Personal Data (PD) is to be used;
- The intended disclosures or routine uses of the information; and
- The consequences of not providing all or some portion of the information requested?