| Trustmark Definition Name | Version |
|---|---|
|
Defines privacy requirements for organizations to review the quality of the information it originates and have documented procedures for its destruction.
|
1.0 |
|
Defines privacy requirements for organizations to review the quality of information they have provided to a third party and identify data that may be inaccurate or incomplete and notify the third party.
|
1.0 |
|
Defines privacy requirements for organizations to document the methods used to notify an external party when the organization reviews the quality of the information it has provided and identifies issues.
|
1.0 |
|
Defines privacy requirements organizations to reevaluate the labeling of information when new information is gathered.
|
1.0 |
|
Defines privacy requirements organizations to ensure that originating parties reevaluate the labeling of information when new information is gathered that has an impact on the confidence in the information previously obtained.
|
1.0 |
|
Defines privacy requirements organizations to document how they respond to confirmed errors or deficiencies.
|
1.0 |
|
Defines privacy requirements for organizations to review the quality of the information it has received from an originating party, identify any issues, and notify the originating party or the originating party's Privacy Officer.
|
1.0 |
|
Defines privacy requirements organizations to document the methods notify an originating party when the organization reviews the quality of the information it has received and identifies issues.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization disposes of, destroys, erases, and/or anonymizes the PII, regardless of the method of storage, in accordance with a NARA-approved record retention schedule.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization retains each collection of personally identifiable information (PII) for organization-defined time period to fulfill the purpose(s) identified in the notice or as required by law.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization anonymizes the PII, regardless of the method of storage in a manner that prevents loss, theft, misuse, or unauthorized access.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization disposes of, destroys, and/or erases PII, regardless of the method of storage in a manner that prevents loss, theft, misuse, or unauthorized access.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization uses organization-defined techniques or methods to ensure secure deletion or destruction of PII (including originals, copies, and archived records).
|
1.0 |
|
Defines privacy requirements for organizations to have documented procedures for addressing authorized users' noncompliance with its privacy policy.
|
1.0 |
|
Defines privacy requirements for organizations to have documented procedures for addressing personnel's noncompliance with its privacy policy.
|
1.0 |
|
Defines privacy requirements for organizations to have documented procedures for addressing third parties' noncompliance with its privacy policy.
|
1.0 |
|
Defines privacy requirements for organizations to identify who is responsible for ensuring that enforcement procedures of the privacy policy are adequate and enforced.
|
1.0 |
|
Defines privacy requirements for organizations to identify who is responsible for sanctions for noncompliance with the privacy policy and that they are adequate and enforced.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization establishes an inventory that contains a listing of all programs and information systems identified as collecting, using, maintaining, or sharing personally identifiable information (PII).
|
1.0 |
|
Defines privacy requirements for exceptions to privacy principles to be limited and proportional to meeting the objectives to which they relate.
|
1.0 |
|
Defines privacy requirements for an organization's Privacy Officer or privacy oversight committee to review all analytical products.
|
1.0 |
|
Defines privacy requirements for organizations to incorporate the gathering, processing, reporting, analyzing, and sharing of terrorism-related suspicious activities and incidents (SAR process) into existing processes and systems used to manage other crime related information and criminal intelligence.
|
1.0 |
|
Defines privacy requirements for organizations that receive or collect tips and leads and/or suspicious activity report (SAR) information to maintain and adhere to policies and procedures for information collection and handling.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization provides individuals the ability to have access to their personally identifiable information (PII) maintained in its system(s) of records.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization adheres to U.S. Office of Management and Budget (OMB) policies and guidance for the proper processing of U.S. Privacy Act requests.
|
1.0 |
