Personally Identifiable Information Processing and Transparency
NIST SP 800-53 Rev 5 Personally Identifiable Information Processing and Transparency controls.
Policy and Procedures
Develop, document, and disseminate to [parameter]:
Authority to Process Personally Identifiable Information
Determine and document the [parameter] that permits the [parameter] of personally identifiable information; and
Personally Identifiable Information Processing Purposes
Identify and document the [parameter] for processing personally identifiable information;
Consent
Implement [parameter] for individuals to consent to the processing of their personally identifiable information prior to its collection that facilitate individuals’ informed decision-making.
Privacy Notice
Provide notice to individuals about the processing of personally identifiable information that:
System of Records Notice
For systems that process information that will be maintained in a Privacy Act system of records:
Specific Categories of Personally Identifiable Information
Apply [parameter] for specific categories of personally identifiable information.
Computer Matching Requirements
When a system or organization processes information for the purpose of conducting a matching program: