Data Quality and Integrity - Provenance, v1.0

Defines privacy requirements for organizations to maintain provenance over sensitive information.

Assessment Step

1
Data Quality And Integrity - Provenance (DataQualityAndIntegrity-Provenance)
Does the organization maintain provenance -- information regarding the sources and history of sensitive information -- for at least as long as the data itself is stored?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
Parameter
Information Typesrequired
ENUM_MULTI : Select the type(s) of sensitive information that apply.
  • PII
  • PHI
  • III
  • IIHI
  • Other

Conformance Criteria (1)

C-1
Maintain provenance -- information regarding the sources and history of personal data -- for at least as long as the data itself is stored.
Citation
ACM
Accountability