PM-20: Dissemination of Privacy Program Information
Control Family:
Baselines:
- Low
N/A
- Moderate
N/A
- High
N/A
- Privacy
- PM-20
- (1)
Control is new to this version of the control set.
Control Statement
Maintain a central resource webpage on the organization’s principal public website that serves as a central source of information about the organization’s privacy program and that:
- Ensures that the public has access to information about organizational privacy activities and can communicate with its senior agency official for privacy;
- Ensures that organizational privacy practices and reports are publicly available; and
- Employs publicly facing email addresses and/or phone lines to enable the public to provide feedback and/or direct questions to privacy offices regarding privacy practices.
Supplemental Guidance
For federal agencies, the webpage is located at www.[agency].gov/privacy. Federal agencies include public privacy impact assessments, system of records notices, computer matching notices and agreements, PRIVACT exemption and implementation rules, privacy reports, privacy policies, instructions for individuals making an access or amendment request, email addresses for questions/complaints, blogs, and periodic publications.
Control Enhancements
PM-20(1): Privacy Policies on Websites, Applications, and Digital Services
Baseline(s):
- Privacy
Develop and post privacy policies on all external-facing websites, mobile applications, and other digital services, that: Are written in plain language and organized in a way that is easy to understand and navigate; Provide information needed by the public to make an informed decision about whether and how to interact with the organization; and Areā¦