Disclosure of subcontractors used to process PII
The organization should disclose any use of subcontractors to process PII to the customer before use.
...
- Licensed content not shown - LGPD (BRA)
Art.6: The operations of personal data processing
must be performed in good faith and follow these
principles:
I – Purpose: Performing the processing for legitimate,
specific, and explicit purposes that the data subject
is informed of, without the possibility of further
processing in a manner that is incompatible with
those purposes;
II – Adequacy: Compatibility of the processing with
the purposes that the data subject was informed of,
according to the context of the processing;
III – Necessity: Limitation of processing to the
minimum necessary for fulfilling its purposes, using
pertinent, proportional and non-excessive data in
relation to the purposes of processing;
IV – Free Access: Guarantee, to the data subjects, of
the ability to easily query free of charge the means
and duration of processing, as well as the integrity
of their personal data;
V – Data Quality: Guarantee, to the data subjects,
of accuracy, clarity, relevance, and updating of data,
according to the need and to fulfill the purpose of its
processing;
VI – Transparency: Guarantee, to the data subjects,
of clear, precise, and easily-accessible information
regarding the processing and the respective
processing agents, respecting commercial and
industrial secrecy;
VII – Security: Use of technical and administrative measures suitable to protect personal data from
unauthorized access and accidental or illicit
destruction, loss, change, communication, or
dissemination events;
VIII – Prevention: Adoption of measures to prevent
the occurrence of damage as result of the
processing of personal data;
IX – Non-Discrimination: Impossibility of processing
for illegal or abusive discriminatory purposes;
X – Liability and Accountability: Demonstration,
by the processing agent, that effective measures
capable of proving the observance and compliance
with personal data protection rules, including the
efficacy of these measures, is adopted.
Processing of personal data activities must be in good faith and, among others, be for notified purpose(s), necessary and transparent (Art 6)
If testing is not... Art.46: Processing agents must adopt security
measures, both technical and administrative, suitable
to protect personal data from unauthorized access
and accidental or illegal destruction, loss, change,
communication, or dissemination events, or any other
occurrence resulting from inappropriate or illegal
processing.
§ 1 The National Data Protection Authority may
determine minimum technical standards for the
purposes of the provisions this Article, considering
the nature of the information processed, the specific.
characteristics of the processing, and the current
state of technology, especially in the case of sensitive
personal data, as well as the principles outlined in
Article 6 of this Law.§ 2 The measures contemplated in the head provision
of this Article must be considered from the phase
of the development of the good or service until its
execution. APP (Australian Privacy Principles)
PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
DPP (Data Protection Principles) - Hong Kong
Personal Data Protection Act - Singapore
Personal Information Protection Act - South Korea
Turkish Data Protection Law numbered 6698