Description
Appoint a senior agency official for privacy with the authority, mission, and resources to coordinate, develop, and implement applicable privacy requirements and manage privacy risks through the organization-wide privacy program.
Supplemental Guidance
The privacy function can be centralized or decentralized depending upon the organizational structure and composition. In either case, adequate resources need to be allocated to ensure that the privacy function has the capability and capacity to support the organization's need for privacy.
Changes from Rev 4
New control in Rev 5. Establishes privacy leadership role.
Compliance Mappings
HITRUST CSF v11
13.a