Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization uses personally identifiable information (PII) internally only for the authorized purpose(s) identified in the U.S. Privacy Act. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization uses personally identifiable information (PII) internally only for the purpose(s) identified in public notices. | 1.0 |
Defines privacy requirements for organizations to assign limitations that identify who is allowed to see and use information based on its label. | 1.0 |
Defines privacy requirements related to organizations ensuring that their personnel and participating information-originating third parties comply with all applicable laws addressing the gathering and collection, use, analysis, retention, destruction, sharing, disclosure, and dissemination of information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization maintains an inventory listing all programs and information systems identified as collecting, using, maintaining, or sharing personally identifiable information (PII). | 1.0 |
Defines privacy requirements for organizations to document the criteria they require when attempting to merge information from multiple records allegedly about the same individual. | 1.0 |
Defines privacy requirements for organizations to document their procedures for handling partial matches, where the full matching criteria are not met, when attempting to merge information from multiple records allegedly about the same individual. | 1.0 |
Defines privacy requirements for organizations to attach specific labels and descriptive information to the information they collect and retain that clearly indicate legal restrictions. | 1.0 |
Defines privacy requirements for organizations to require that basic descriptive information is entered and associated with each record, data set, or system of records containing sensitive information that will be accessed, used, and disclosed, including terrorism-related information shared through the ISE. | 1.0 |
Defines privacy requirements for organizations to have a defined review schedule for purging information. | 1.0 |
Defines privacy requirements for organizations to document the methods they employ to remove information. | 1.0 |
Defines privacy requirements for organizations to have a defined review schedule for validating information. | 1.0 |
Defines privacy requirements for organizations to document their retention and destruction policies. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization limits the collection of PII to the minimum elements identified for the purposes described in the notice and for which the individual has provided consent. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization identifies the minimum personally identifiable information (PII) elements that are relevant and necessary to accomplish the legally authorized purpose of collection. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization conducts an initial evaluation of PII holdings to ensure that only PII identified in the notice is collected and retained. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization establishes and follows a schedule for regularly reviewing PII holdings, at least annually, to ensure that only PII identified in the notice is collected and retained. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization establishes and follows a schedule for regularly reviewing PII holdings, at least annually, to ensure that the PII continues to be necessary to accomplish the legally authorized purpose. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization limits the retention of PII to the minimum elements identified for the purposes described in the notice and for which the individual has provided consent. | 1.0 |
Defines privacy requirements for ensuring that sensitive information protection is designed to prevent the misuse of such information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization evaluates any proposed new instance of sharing personally identifiable information (PII) with third parties to assess whether the sharing is authorized. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization evaluates any proposed new instance of sharing personally identifiable information (PII) with third parties to assess whether additional or new public notice is required. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that individuals are aware of all uses of PII not initially described in the public notice that was in effect at the time the organization collected the PII. | 1.0 |
Defines privacy requirements for organizations to require other parties that access their information and/or share information with them to adhere to applicable law and policy. | 1.0 |
Defines privacy requirements for organizations to document the types of user actions and permissions that are controlled by the organization's access limitations. | 1.0 |