Exceptions - Use for Other Purposes, v1.0

Defines privacy requirements related to organizations use of sensitive information for purposes other than those specified.

Assessment Step

1
Exceptions - Use For Other Purposes (Exceptions-UseForOtherPurposes)
Does the organization permit sensitive information to be used for purposes other than those specified without the consent of the data subject under the authority of law?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
Parameter
Information Typesrequired
ENUM_MULTI : Select the type(s) of sensitive information that apply.
  • PII
  • PHI
  • III
  • IIHI
  • Other

Conformance Criteria (1)

C-1
Personal data may be used for purposes other than those specified without the consent of the data subject under the authority of law.
Citation
OECD
Use Limitation