PM-26: Complaint Management
Control is new to this version of the control set.
Implement a process for receiving and responding to complaints, concerns, or questions from individuals about the organizational security and privacy practices that includes:
- Mechanisms that are easy to use and readily accessible by the public;
- All information necessary for successfully filing complaints;
- Tracking mechanisms to ensure all complaints received are reviewed and addressed within [Assignment: organization-defined time period];
- Acknowledgement of receipt of complaints, concerns, or questions from individuals within [Assignment: organization-defined time period]; and
- Response to complaints, concerns, or questions from individuals within [Assignment: organization-defined time period].
Complaints, concerns, and questions from individuals can serve as valuable sources of input to organizations and ultimately improve operational models, uses of technology, data collection practices, and controls. Mechanisms that can be used by the public include telephone hotline, email, or web-based forms. The information necessary for successfully filing complaints includes contact information for the senior agency official for privacy or other official designated to receive complaints. Privacy complaints may also include personally identifiable information which is handled in accordance with relevant policies and processes.