⭐ Repository → 💼 SOC 2 → 💼 P2.0 Privacy Criteria Related to Choice and Consent
💼 P2.1 The entity communicates choices available regarding the collection, use, retention, disclosure, and disposal of personal information to the data subjects and the consequences, if any, of each choice.
- ID:
/frameworks/soc-2/p2/01
Description
Explicit consent for the collection, use, retention, disclosure, and disposal of personal information is obtained from data subjects or other authorized persons, if required. Such consent is obtained only for the intended purpose of the information to meet the entity's objectives related to privacy. The entity's basis for determining implicit consent for the collection, use, retention, disclosure, and disposal of personal information is documented.
Similar
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 P2.1-1 Communicates to Data Subjects | no data | ||||
| 💼 P2.1-2 Communicates Consequences of Denying or Withdrawing Consent | no data | ||||
| 💼 P2.1-3 Obtains Implicit or Explicit Consent | no data | ||||
| 💼 P2.1-4 Documents and Obtains Consent for New Purposes and Uses | no data | ||||
| 💼 P2.1-5 Obtains Explicit Consent for Sensitive Information | no data | ||||
| 💼 P2.1-6 Obtains Consent for Data Transfers | no data |