CT.DM-P: Data Processing Management
Description
Data are managed consistent with the organization’s risk strategy to protect individuals’ privacy, increase manageability, and enable the implementation of privacy principles (e.g., individual participation, data quality, data minimization).
Framework Subcategories
CT.DM-P1: Data elements can be accessed for review
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DM-P2: Data elements can be accessed for transmission or disclosure
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DM-P3: Data elements can be accessed for alteration
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DM-P4: Data elements can be accessed for deletion
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DM-P5: Data are destroyed according to policy
[csf.tools Note: Subcategories do not have detailed descriptions.] Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
CT.DM-P6: Data are transmitted using standardized formats
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DM-P7: Mechanisms for transmitting processing permissions and related data values with data elements are established and in place
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DM-P8: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy and incorporating the principle of data minimization
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DM-P9: Technical measures implemented to manage data processing are tested and assessed
[csf.tools Note: Subcategories do not have detailed descriptions.]
CT.DM-P10: Stakeholder privacy preferences are included in algorithmic design objectives and outputs are evaluated against these preferences
[csf.tools Note: Subcategories do not have detailed descriptions.]