Minimization - Collection Limited to Relevant Information, v1.0

Defines privacy requirements for the collection of sensitive information to be limited to information that is relevant to the purposes of collection.

Assessment Step

1
Minimization - Collection Limited To Relevant Information (Minimization-CollectionLimitedToRelevantInformation)
Does the organization require that the collection of sensitive information is limited to information that is relevant to the purposes of collection?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
Parameter
Information Typesrequired
ENUM_MULTI : Select the type(s) of sensitive information that apply.
  • PII
  • PHI
  • III
  • IIHI
  • Other

Conformance Criteria (1)

C-1
The collection of personal information should be limited to information that is relevant to the purposes of collection.
Citation
APEC
Section 18, Collection Limitation