PT-3 - Personally Identifiable Information Processing Purposes

a. Identify and document the [Assignment: organization-defined purpose(s)] for processing personally identifiable information;
b. Describe the purpose(s) in the public privacy notices and policies of the organization;
c. Restrict the [Assignment: organization-defined processing] of personally identifiable information to only that which is compatible with the identified purpose(s); and
d. Monitor changes in processing personally identifiable information and implement [Assignment: organization-defined mechanisms] to ensure that any changes are made in accordance with [Assignment: organization-defined requirements].


Informational References

ISO 27001

ID: PT-3
Enhancements:  1 | 2

Countermeasures Covered by Control

ID Name Description D3FEND

Space Threats Tagged by Control

ID Description

Sample Requirements

Requirement Rationale/Additional Guidance/Notes

Related SPARTA Techniques and Sub-Techniques

ID Name Description