https://artifacts.trustmarkinitiative.org/lib/tds/access---ease-of-obtaining-information/1.0/Access - Ease of Obtaining Information1.0Defines privacy requirements related to individuals obtaining sensitive information that is held about them.2018-04-10T00:00:00.000Zhttps://trustmarkinitiative.org/Trustmark InitiativePRIMARYTrustmark Supporthelp@trustmarkinitiative.org555-555-5555https://trustmarkinitiative.org/This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.PrivacyAccessAdequacyAdministrative safeguardsAdopted Authentication Scheme
(Adopted Scheme)AdoptionApproved Encryption MethodAssertionAssertion ReferenceAudit CriteriaAuthenticationAuthentication ProtocolBearer AssertionBiometricBona FidesCertification (Certify)ChoiceClaimantCollect/CollectionComparabilityConfidentialityCorrective measuresCredential Service Provider (CSP)Cross-certifiedCryptographicData commissionerData controllerData processorData protectionData protection authorityData protection officeData subjectDeceptive trade practicesDirect Assertion ModelDisclose/DisclosureDispute resolutionE-Authentication CredentialEntropyEU Data Protection Directive (EU Directive)European Economic Area (EEA)European Union (EU)Federal Trade Commission (FTC)Full Legal NameHealth InformationHolder-of-key AssertionIdentityIdentity ProofingIndirect Assertion ModelIndividualIndividually Identifiable Health Information (IIHI)Individually Identifiable Information (III)IntegrityIssuanceLevel of Assurance (LOA)Member stateMin-EntropyMulti-factor AuthenticationMulti-token AuthenticationNetworkNon-repudiationNonceNoticeOpenOpt-inOpt-outOut of BandPersonal dataPersonal Health Information (PHI)Personal Identifying Information (PII)Personal informationPersons and EntitiesPhysical safeguardsPossession and Control of a TokenPrivacyPrivacy policyPrivacy seal programPrivacy statementProcessing of personal dataProof of Possession ProtocolPseudonymPublicly available informationRegistrationRegistration AuthorityRelying Party (RP)Safe HarborSaltSecuritySensitive InformationSensitive information controllerSensitive Personal information (SPI)Shared SecretSPOStrong Man in the Middle ResistanceStrongly Bound CredentialsSubscriberTechnical safeguardsThreatTokenToken AuthenticatorTransborder flows of personal dataTransparentTrust CriteriaTrust FrameworkTrust Framework Provider (TFP)UseVerifierWeak Man in the Middle ResistanceWeakly Bound CredentialsAPECAsia-Pacific Economic Cooperation (APEC) Privacy Principles, ISBN 981-05-4471-5, APEC#205-SO-01.2
http://publications.apec.org/publication-detail.php?pub_id=3901C-1Individuals should be able to obtain from the personal information controller the personal information that is held about them:
i. within a reasonable time;
ii. at a charge, if any, that is not excessive;
iii. in a reasonable manner;
iv. in a form that is generally understandableSection 23, Access and Correction]]>1Access - Ease Of Obtaining InformationDoes the organization require that individuals are able to obtain from the sensitive information controller the sensitive information that is held about them:
i. within a reasonable time;
ii. at a charge, if any, that is not excessive;
iii. in a reasonable manner;
iv. in a form that is generally understandable?A1InformationTypesInformation TypesENUM_MULTIPIIPHIIIIIIHIOthertrue