PRI-04
Restrict Collection To Identified Purpose
Description
Mechanisms exist to minimize the collection of Personal Data (PD) to only what is adequate, relevant and limited to the purposes identified in the data privacy notice, including protections against collecting PD from minors without appropriate parental or legal guardian consent.
Control Question
Does the organization minimize the collection of Personal Data (PD) to only what is adequate, relevant and limited to the purposes identified in the data privacy notice, including protections against collecting PD from minors without appropriate parental or legal guardian consent?
Control Metadata
Domain:
Data Privacy
Validation Cadence:
Annual
Evidence Request List:
E-PRI-02