Personally Identifiable Information Processing Purposes (PT-3)
Identify and document the [organization-defined] for processing personally identifiable information; Describe the purpose(s) in the public privacy notices and policies of the organization; Restrict the [organization-defined] of personally identifiable information to only that which is compatible with the identified purpose(s); and Monitor changes in processing personally identifiable information and implement [organization-defined] to ensure that any changes are made in accordance with [organiza
pii, privacy, transparency, data-processing
Why These Connect
Supports (24)
These related controls work together — a change to one may affect the others.
Enhances (2)
These enhancements add specific capabilities or refinements to the base control.
Related Controls (16)
AC-2 Account Management (AC-2) LMH
AC-3 Access Enforcement (AC-3) LMH
AC-16 Security and Privacy Attributes (AC-16)
CM-13 Data Action Mapping (CM-13)
IR-9 Information Spillage Response (IR-9)
PM-9 Risk Management Strategy (PM-9)
PM-25 Minimization of Personally Identifiable Information Used in Testing, Training, and Research (PM-25)
PT-2 Authority to Process Personally Identifiable Information (PT-2)
AT-3 Role-based Training (AT-3) LMH
PT-5 Privacy Notice (PT-5)
PT-6 System of Records Notice (PT-6)
PT-7 Specific Categories of Personally Identifiable Information (PT-7)
RA-8 Privacy Impact Assessments (RA-8)
SC-43 Usage Restrictions (SC-43)
SI-12 Information Management and Retention (SI-12) LMH
SI-18 Personally Identifiable Information Quality Operations (SI-18)