CCI-005024

Implementation Guidance

Determine if personally identifiable information is collected directly from the individual.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; personally identifiable information processing policy; system configuration documentation; system audit records; user interface where personally identifiable information is collected; system security plan; privacy plan; privacy impact assessment; privacy risk assessment documentation; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel responsible for data collection; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Data collection mechanisms; automated mechanisms supporting and/or validating collection directly from the individual].