Navigate

CCI-004568

CCI-004568 Definition

Defines the personally identifiable information processing needed for presenting organization-defined consent mechanisms to individuals.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if [PT-04(02)_ODP[01]; consent mechanisms to be presented to individuals are defined] are presented to individuals [PT-04(02)_ODP[02]; the frequency at which to present consent mechanisms to individuals is defined] and in conjunction with [PT-04(02)_ODP[03]; personally identifiable information processing to be presented in conjunction with organization-defined consent mechanisms is defined].

Validation Procedures

Examine: [SELECT FROM: Personally identifiable information processing and transparency policy and procedures; consent policies and procedures; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with personally identifiable information processing and transparency responsibilities; organizational personnel with user interface or user experience responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for the collection of personally identifiable information; mechanisms for obtaining just-in-time consent from users for the processing of their personally identifiable information; mechanisms implementing just-in-time consent].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-004568.

Control	Description
PT-4(2)	Present [consent mechanisms to be presented to individuals are defined;] to individuals at [the frequency at which to present consent mechanisms to individuals is defined;] and in conjunction with [personally identifiable information processing to be presented in conjunction with organization-defined consent mechanisms is defined;].