CM.AW-P: Data Processing Awareness
Description
Individuals and organizations have reliable knowledge about data processing practices and associated privacy risks, and effective mechanisms are used and maintained to increase predictability consistent with the organization’s risk strategy to protect individuals’ privacy.
Framework Subcategories
CM.AW-P1: Mechanisms (e.g., notices, internal or public reports) for communicating data processing purposes, practices, associated privacy risks, and options for enabling individuals’ data processing preferences and requests are established and in place.
[csf.tools Note: Subcategories do not have detailed descriptions.]
CM.AW-P2: Mechanisms for obtaining feedback from individuals (e.g., surveys or focus groups) about data processing and associated privacy risks are established and in place
[csf.tools Note: Subcategories do not have detailed descriptions.]
CM.AW-P3: System/product/service design enables data processing visibility
[csf.tools Note: Subcategories do not have detailed descriptions.]
CM.AW-P4: Records of data disclosures and sharing are maintained and can be accessed for review or transmission/disclosure
[csf.tools Note: Subcategories do not have detailed descriptions.]
CM.AW-P5: Data corrections or deletions can be communicated to individuals or organizations (e.g., data sources) in the data processing ecosystem
[csf.tools Note: Subcategories do not have detailed descriptions.]
CM.AW-P6: Data provenance and lineage are maintained and can be accessed for review or transmission/disclosure
[csf.tools Note: Subcategories do not have detailed descriptions.]
CM.AW-P7: Impacted individuals and organizations are notified about a privacy breach or event
[csf.tools Note: Subcategories do not have detailed descriptions.]
CM.AW-P8: Individuals are provided with mitigation mechanisms (e.g., credit monitoring, consent withdrawal, data alteration or deletion) to address impacts of problematic data actions
[csf.tools Note: Subcategories do not have detailed descriptions.]