PM-21 Accounting of Disclosures

Program Management

Privacy New in Rev 5

Description

a. Develop and maintain an accurate accounting of disclosures of personally identifiable information, including:
   1. Date, nature, and purpose of each disclosure; and
   2. Name and address of the person or organization to which the disclosure was made;
b. Retain the accounting of disclosures for the length of the time the personally identifiable information is maintained or five years after the disclosure is made, whichever is longer; and
c. Make the accounting of disclosures available to the person named in the record upon request.

Supplemental Guidance

The accounting of disclosures pertains to disclosures of personally identifiable information outside of the organization (excluding disclosures that are required by law, or disclosures that are made to officers and employees of the organization).

Changes from Rev 4

New control in Rev 5. Addresses Privacy Act accounting requirements.

Compliance Mappings

EBA ICT Guidelines

3.8(a)

HITRUST CSF v11

13.b, 13.d

FDA Cybersecurity Guidance

TR-1