Mechanisms exist to:
- Ensure that the public has access to information about organizational data privacy activities and can communicate with its Chief Privacy Officer (CPO) or similar role;
- Ensure that organizational data privacy practices are publicly available through organizational websites or otherwise; and
- Utilize publicly facing email addresses and/or phone lines to enable the public to provide feedback and/or direct questions to data privacy office(s) regarding data privacy practices.
Mapped framework controls
ISO 27002
- A.5.1
SOC 2
Control questions
Does the organization:
- Ensure that the public has access to information about organizational data privacy activities and can communicate with its Chief Privacy Officer (CPO) or similar role;
- Ensure that organizational data privacy practices are publicly available through organizational websites or otherwise; and
- Utilize publicly facing email addresses and/or phone lines to enable the public to provide feedback and/or direct questions to data privacy office(s) regarding data privacy practices?