https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-privacy-control-dm-1_-minimization-of-personally-identifiable-information/4/NIST SP 800-53 r4 Privacy Control DM-1: Minimization of Personally Identifiable Information4Profile of requirements corresponding to NIST Special Publication 800-53 r4, Privacy Control DM-1: Minimization of Personally Identifiable Information.2021-04-26T00:00:00.000ZfalseThis document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.https://trustmarkinitiative.org/TMIPRIMARYhelp@trustmarkinitiative.org555-555-5555https://trustmarkinitiative.org/800-53Data MinimizationMinimizationNISTPersonally Identifiable InformationPrivacyRetentionhttps://artifacts.trustmarkinitiative.org/lib/tds/privacy---minimization-of-personally-identifiable-information---identification-of-minimum-relevant-pii-elements/1.0/1Privacy - Minimization of Personally Identifiable Information - Identification of Minimum Relevant PII Elements1.0Defines conformance and assessment criteria for verifying that an organization identifies the minimum personally identifiable information (PII) elements that are relevant and necessary to accomplish the legally authorized purpose of collection.https://artifacts.trustmarkinitiative.org/lib/tds/privacy---minimization-of-personally-identifiable-information---regular-reviews-of-pii-holdings-for-compliance-with-notice/1.0/2Privacy - Minimization of Personally Identifiable Information - Regular Reviews of PII Holdings For Compliance With Notice1.0Defines conformance and assessment criteria for verifying that an organization establishes and follows a schedule for regularly reviewing PII holdings at least annually to ensure that only PII identified in the notice is collected and retained.https://artifacts.trustmarkinitiative.org/lib/tds/privacy---minimization-of-personally-identifiable-information---retention-of-pii-conforms-with-notice-and-consent/1.0/3Privacy - Minimization of Personally Identifiable Information - Retention of PII Conforms With Notice and Consent1.0Defines conformance and assessment criteria for verifying that an organization limits the retention of PII to the minimum elements identified for the purposes described in the notice and for which the individual has provided consent.https://artifacts.trustmarkinitiative.org/lib/tds/privacy---minimization-of-personally-identifiable-information---collected-pii-conforms-with-notice-and-consent/1.0/4Privacy - Minimization of Personally Identifiable Information - Collected PII Conforms With Notice and Consent1.0Defines conformance and assessment criteria for verifying that an organization limits the collection of PII to the minimum elements identified for the purposes described in the notice and for which the individual has provided consent.https://artifacts.trustmarkinitiative.org/lib/tds/privacy---minimization-of-personally-identifiable-information---regular-reviews-of-pii-holdings-for-continued-need/1.0/5Privacy - Minimization of Personally Identifiable Information - Regular Reviews of PII Holdings For Continued Need1.0Defines conformance and assessment criteria for verifying that an organization establishes and follows a schedule for regularly reviewing PII holdings at least annually to ensure that the PII continues to be necessary to accomplish the legally authorized purpose.https://artifacts.trustmarkinitiative.org/lib/tds/privacy---minimization-of-personally-identifiable-information---initial-evaluation-of-pii-holdings/1.0/6Privacy - Minimization of Personally Identifiable Information - Initial Evaluation of PII Holdings1.0Defines conformance and assessment criteria for verifying that an organization conducts an initial evaluation of PII holdings to ensure that only PII identified in the notice is collected and retained.SP800-53R4NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at <a href="http://dx.doi.org/10.6028/NIST.SP.800-53r4">http://dx.doi.org/10.6028/NIST.SP.800-53r4</a>.