a. Develop and maintain an accurate accounting of disclosures of personally identifiable information, including:
1. Date, nature, and purpose of each disclosure; and
2. Name and address, or other contact information of the individual or organization to which the disclosure was made;
b. Retain the accounting of disclosures for the length of the time the personally identifiable information is maintained or five years after the disclosure is made, whichever is longer; and
c. Make the accounting of disclosures available to the individual to whom the personally identifiable information relates upon request.