{ "$TMF_VERSION": "1.4", "PublicationDateTime": "2021-04-26T00:00:00.000Z", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53 r4, Privacy Control IP-1: Consent.", "Keywords": [ "800-53", "Consent", "Individual Participation", "NIST", "Privacy", "Redress" ], "Issuer": { "Identifier": "https://trustmarkinitiative.org/", "PrimaryContact": { "Email": "help@trustmarkinitiative.org", "Telephone": "555-555-5555", "Kind": "PRIMARY", "WebsiteURL": "https://trustmarkinitiative.org/", "Responder": "" }, "Name": "TMI" }, "Sources": [{ "Identifier": "SP800-53R4", "Reference": "NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4<\/a>.", "$id": "source-2112165102" }], "Name": "NIST SP 800-53 r4 Privacy Control IP-1: Consent", "TrustExpression": "TD_ref1 and TD_ref2 and TD_ref3 and TD_ref4 and TD_ref5 and TD_ref6 and TD_ref7 and TD_ref8 and TD_ref9 and TD_ref10 and TD_ref11 and TD_ref12 and TD_ref13 and TD_ref14 and TD_ref15 and TD_ref16 and TD_ref17 and TD_ref18", "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-privacy-control-ip-1_-consent/4/", "Version": "4", "References": {"TrustmarkDefinitionRequirements": [ { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-new-uses-of-pii-not-in-the-public-notice-at-the-time-of-collection-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization ensures that, where feasible, individuals consent to all uses of PII not initially described in the public notice that was in effect at the time the organization collected the PII.", "Number": 1, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-new-uses-of-pii-not-in-the-public-notice-at-the-time-of-collection-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization ensures that, where feasible, individuals consent to all uses of PII not initially described in the public notice that was in effect at the time the organization collected the PII.", "Number": 1, "Version": "1.0", "Name": "Privacy - Consent for New Uses of PII Not in the Public Notice at the Time of Collection (Where Feasible)" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent for New Uses of PII Not in the Public Notice at the Time of Collection (Where Feasible)", "$id": "TD_ref1" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-collection-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means, where feasible and appropriate, for individuals to authorize the collection of personally identifiable information (PII) prior to its collection.", "Number": 2, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-collection-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means, where feasible and appropriate, for individuals to authorize the collection of personally identifiable information (PII) prior to its collection.", "Number": 2, "Version": "1.0", "Name": "Privacy - Consent for Collection (Where Feasible)" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent for Collection (Where Feasible)", "$id": "TD_ref2" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-prior-to-new-disclosure/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization obtains consent from individuals prior to any new disclosure of previously collected PII.", "Number": 3, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-prior-to-new-disclosure/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization obtains consent from individuals prior to any new disclosure of previously collected PII.", "Number": 3, "Version": "1.0", "Name": "Privacy - Consent Prior to New Disclosure" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent Prior to New Disclosure", "$id": "TD_ref3" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-prior-to-new-use/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization obtains consent from individuals prior to any new uses of previously collected PII.", "Number": 4, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-prior-to-new-use/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization obtains consent from individuals prior to any new uses of previously collected PII.", "Number": 4, "Version": "1.0", "Name": "Privacy - Consent Prior to New Use" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent Prior to New Use", "$id": "TD_ref4" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-prior-to-new-disclosure-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization obtains consent, where feasible and appropriate, from individuals prior to any new disclosure of previously collected PII.", "Number": 5, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-prior-to-new-disclosure-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization obtains consent, where feasible and appropriate, from individuals prior to any new disclosure of previously collected PII.", "Number": 5, "Version": "1.0", "Name": "Privacy - Consent Prior to New Disclosure (Where Feasible)" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent Prior to New Disclosure (Where Feasible)", "$id": "TD_ref5" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-sharing/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means for individuals to authorize the sharing of personally identifiable information (PII) prior to its collection.", "Number": 6, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-sharing/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means for individuals to authorize the sharing of personally identifiable information (PII) prior to its collection.", "Number": 6, "Version": "1.0", "Name": "Privacy - Consent for Sharing" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent for Sharing", "$id": "TD_ref6" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent---individuals-can-approve-or-decline-retention-of-pii/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides appropriate means for individuals to understand the consequences of decisions to approve or decline the authorization of the retention of PII.", "Number": 7, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent---individuals-can-approve-or-decline-retention-of-pii/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides appropriate means for individuals to understand the consequences of decisions to approve or decline the authorization of the retention of PII.", "Number": 7, "Version": "1.0", "Name": "Privacy - Consent - Individuals Can Approve or Decline Retention of PII" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent - Individuals Can Approve or Decline Retention of PII", "$id": "TD_ref7" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-use-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means, where feasible and appropriate, for individuals to authorize the use of personally identifiable information (PII) prior to its collection.", "Number": 8, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-use-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means, where feasible and appropriate, for individuals to authorize the use of personally identifiable information (PII) prior to its collection.", "Number": 8, "Version": "1.0", "Name": "Privacy - Consent for Use (Where Feasible)" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent for Use (Where Feasible)", "$id": "TD_ref8" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-use/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means for individuals to authorize the use of personally identifiable information (PII) prior to its collection.", "Number": 9, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-use/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means for individuals to authorize the use of personally identifiable information (PII) prior to its collection.", "Number": 9, "Version": "1.0", "Name": "Privacy - Consent for Use" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent for Use", "$id": "TD_ref9" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means for individuals to authorize the maintaining of personally identifiable information (PII) prior to its collection.", "Number": 10, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-maintenance/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means for individuals to authorize the maintaining of personally identifiable information (PII) prior to its collection.", "Number": 10, "Version": "1.0", "Name": "Privacy - Consent for Maintenance" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent for Maintenance", "$id": "TD_ref10" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-maintenance-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means, where feasible and appropriate, for individuals to authorize the maintaining of personally identifiable information (PII) prior to its collection.", "Number": 11, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-maintenance-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means, where feasible and appropriate, for individuals to authorize the maintaining of personally identifiable information (PII) prior to its collection.", "Number": 11, "Version": "1.0", "Name": "Privacy - Consent for Maintenance (Where Feasible)" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent for Maintenance (Where Feasible)", "$id": "TD_ref11" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-new-uses-of-pii-not-in-the-public-notice-at-the-time-of-collection/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization ensures that individuals consent to all uses of PII not initially described in the public notice that was in effect at the time the organization collected the PII.", "Number": 12, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-new-uses-of-pii-not-in-the-public-notice-at-the-time-of-collection/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization ensures that individuals consent to all uses of PII not initially described in the public notice that was in effect at the time the organization collected the PII.", "Number": 12, "Version": "1.0", "Name": "Privacy - Consent for New Uses of PII Not in the Public Notice at the Time of Collection" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent for New Uses of PII Not in the Public Notice at the Time of Collection", "$id": "TD_ref12" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-prior-to-new-use-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization obtains consent, where feasible and appropriate, from individuals prior to any new uses of previously collected PII.", "Number": 13, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-prior-to-new-use-_where-feasible_/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization obtains consent, where feasible and appropriate, from individuals prior to any new uses of previously collected PII.", "Number": 13, "Version": "1.0", "Name": "Privacy - Consent Prior to New Use (Where Feasible)" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent Prior to New Use (Where Feasible)", "$id": "TD_ref13" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent---individuals-can-approve-or-decline-collection-of-pii/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides appropriate means for individuals to understand the consequences of decisions to approve or decline the authorization of the collection of PII.", "Number": 14, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent---individuals-can-approve-or-decline-collection-of-pii/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides appropriate means for individuals to understand the consequences of decisions to approve or decline the authorization of the collection of PII.", "Number": 14, "Version": "1.0", "Name": "Privacy - Consent - Individuals Can Approve or Decline Collection of PII" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent - Individuals Can Approve or Decline Collection of PII", "$id": "TD_ref14" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---notice-of-new-uses-of-pii-not-in-the-public-notice-at-the-time-of-collection/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization ensures that individuals are aware of all uses of PII not initially described in the public notice that was in effect at the time the organization collected the PII.", "Number": 15, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---notice-of-new-uses-of-pii-not-in-the-public-notice-at-the-time-of-collection/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization ensures that individuals are aware of all uses of PII not initially described in the public notice that was in effect at the time the organization collected the PII.", "Number": 15, "Version": "1.0", "Name": "Privacy - Notice of New Uses of PII Not in the Public Notice at the Time of Collection" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Notice of New Uses of PII Not in the Public Notice at the Time of Collection", "$id": "TD_ref15" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent---individuals-can-approve-or-decline-use-of-pii/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides appropriate means for individuals to understand the consequences of decisions to approve or decline the authorization of the use of PII.", "Number": 16, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent---individuals-can-approve-or-decline-use-of-pii/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides appropriate means for individuals to understand the consequences of decisions to approve or decline the authorization of the use of PII.", "Number": 16, "Version": "1.0", "Name": "Privacy - Consent - Individuals Can Approve or Decline Use of PII" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent - Individuals Can Approve or Decline Use of PII", "$id": "TD_ref16" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-collection/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means for individuals to authorize the collection of personally identifiable information (PII) prior to its collection.", "Number": 17, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent-for-collection/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides means for individuals to authorize the collection of personally identifiable information (PII) prior to its collection.", "Number": 17, "Version": "1.0", "Name": "Privacy - Consent for Collection" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent for Collection", "$id": "TD_ref17" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent---individuals-can-approve-or-decline-dissemination-of-pii/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides appropriate means for individuals to understand the consequences of decisions to approve or decline the authorization of the dissemination of PII.", "Number": 18, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---consent---individuals-can-approve-or-decline-dissemination-of-pii/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization provides appropriate means for individuals to understand the consequences of decisions to approve or decline the authorization of the dissemination of PII.", "Number": 18, "Version": "1.0", "Name": "Privacy - Consent - Individuals Can Approve or Decline Dissemination of PII" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Consent - Individuals Can Approve or Decline Dissemination of PII", "$id": "TD_ref18" } ]}, "Primary": "false", "LegalNotice": "This document and the information contained herein is provided on an \"AS IS\" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.", "$Type": "TrustInteroperabilityProfile" }