Privacy - Information Labeled As Protected, v1.0

Defines privacy requirements for organizations to apply labels to information that indicate to authorized users that the information is protected information.

Assessment Step

1
Privacy - Information Labeled As Protected (Privacy-InformationLabeledAsProtected)
Does the organization apply labels to information (or ensure that the originating party has applied labels) that indicate to the authorized user that the information is protected information: as defined in the ISE Privacy Guidelines as defined to include sensitive information on any individual and documented: • To what extent are organizations protected by the policy. • That the information is subject to specific information privacy or other similar restrictions on access, use, or disclosure, and, if so, what is the nature of such restrictions. There may be laws that restrict who can access information, how information can be used, and limitations on the retention or disclosure of certain types of information; for example, the identity of a sexual assault victim?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.
Parameters
Information Typesrequired
ENUM_MULTI : Select the type(s) of sensitive information that apply.
  • PII
  • PHI
  • III
  • IIHI
  • Other
Satisfied By Privacy Policyrequired
BOOLEAN : Is the organization's privacy policy the source for all supporting information for satisfying the issuance criteria of this Trustmark Definition? (TRUE=yes)

Conformance Criteria (1)

C-1
Does your center apply labels to information (or ensure that the originating agency has applied labels) that indicate to the authorized user that the information is protected information: as defined in the ISE Privacy Guidelines as defined to include personal information on any individual To what extent are organizations protected by the policy? • The information is subject to specific information privacy or other similar restrictions on access, use, or disclosure, and, if so, what is the nature of such restrictions? There may be laws that restrict who can access information, how information can be used, and limitations on the retention or disclosure of certain types of information; for example, the identity of a sexual assault victim.
Citation
FCPP
Section E.3, Information