Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization adheres to Privacy Act requirements for the proper processing of Privacy Act requests. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization publishes procedures for accessing PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization publishes procedures for accessing PII in System of Records Notices (SORNs). | 1.0 |
Defines conformance and assessment criteria for verifying that an organization publishes rules and regulations governing how individuals may request access to records maintained. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization publishes rules and regulations governing how individuals may request access to records maintained in a Privacy Act system of records. | 1.0 |
Defines privacy requirements for organizations to categorize information based on its nature, usability, and quality. | 1.0 |
Defines privacy requirements for organizations conducting investigations to adhere to a policy regarding the investigative techniques the organization will follow when acquiring information. | 1.0 |
Defines privacy requirements for organizations to document the types of information sources from which the organization will NOT receive, seek, accept, or retain information. | 1.0 |
Defines privacy requirements for organizations to apply labels to information that indicate to authorized users that the information is subject to specific information privacy restrictions, and that the organization has documented the nature of such restrictions. | 1.0 |
Defines privacy requirements for organizations to apply labels to information that indicate to authorized users that the information is protected information. | 1.0 |
Defines privacy requirements for organizations to apply labels to information that indicate to authorized users that the information is subject to specific information privacy restrictions. | 1.0 |
Defines privacy requirements for organizations to ensure that information gathered or collected and retained by the organization is labeled. | 1.0 |
Defines privacy requirements for organizations to notify the source of information prior to its destruction. | 1.0 |
Defines privacy requirements for organizations to document the methods they employ to destroy information. | 1.0 |
Defines privacy requirements for organizations to give notice prior to removal of information they retain. | 1.0 |
Defines privacy requirements for organizations to keep a record of dates when information is to be removed if not validated prior to the end of its period. | 1.0 |
Defines privacy requirements for organizations to notify the source of information prior to its removal. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization audits its staff on the authorized sharing of personally identifiable information (PII) with third parties. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization monitors its staff on the authorized sharing of personally identifiable information (PII) with third parties. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization trains its staff on the authorized sharing of personally identifiable information (PII) with third parties. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization trains its staff on the consequences of unauthorized sharing of PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization trains its staff on the consequences of unauthorized use of PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization shares personally identifiable information (PII) externally, only for the authorized purposes described in its notice(s) or for a purpose that is compatible with those purposes. | 1.0 |
Privacy - Information Sharing with Third Parties Only for Purposes In Public Notices and Privacy Act: Defines conformance and assessment criteria for verifying that an organization shares personally identifiable information (PII) externally, only for the authorized purposes identified in the U.S. Privacy Act and/or described in its notice(s) or for a purpose that is compatible with those purposes. | 1.0 |
Defines privacy requirements related to organizational policy compliance with all applicable laws addressing the gathering and collection, use, analysis, retention, destruction, sharing, disclosure, and dissemination of information. | 1.0 |