Accountability - General, v1.0

Defines privacy requirements for controllers of sensitive information to be accountable for complying with their organization's privacy policy.

Assessment Step

1
Accountability - General (Accountability-General)
Does the organization require sensitive information controllers to be accountable for complying with measures that give effect to the Principles stated in its privacy policy?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports) that supports the assessor's response to this assessment step.
Parameter
Information Types (required)
ENUM_MULTI : Select the type(s) of sensitive information that apply.
  • PII
  • PHI
  • III
  • IIHI
  • Other

Conformance Criteria (1)

C-1
A personal information controller should be accountable for complying with measures that give effect to the Principles stated in its privacy policy.
Citation
APEC
Section 26, Accountability