| ๐ผ P6.1 The entity discloses personal information to third parties with the explicit consent of data subjects and such consent is obtained prior to disclosure to meet the entity's objectives related to privacy. | 4 | | | |
| ย ย ย ย ๐ผ P6.1-1 Communicates Privacy Policies to Third Parties | | | | |
| ย ย ย ย ๐ผ P6.1-2 Discloses Personal Information Only When Appropriate | | | | |
| ย ย ย ย ๐ผ P6.1-3 Discloses Personal Information Only to Appropriate Third Parties | | | | |
| ย ย ย ย ๐ผ P6.1-4 Discloses Information to Third Parties for New Purposes and Uses | | | | |
| ๐ผ P6.2 The entity creates and retains a complete, accurate, and timely record of authorized disclosures of personal information to meet the entity's objectives related to privacy. | 1 | | | |
| ย ย ย ย ๐ผ P6.2-1 Creates and Retains Record of Authorized Disclosures | | | | |
| ๐ผ P6.3 The entity creates and retains a complete, accurate, and timely record of detected or reported unauthorized disclosures (including breaches) of personal information to meet the entity's objectives related to privacy. | 1 | | | |
| ย ย ย ย ๐ผ P6.3-1 Creates and Retains Record of Detected or Reported Unauthorized Disclosures | | | | |
| ๐ผ P6.4 The entity obtains privacy commitments from vendors and other third parties who have access to personal information to meet the entity's objectives related to privacy. | 3 | | | |
| ย ย ย ย ๐ผ P6.4-1 Evaluates Third-Party Compliance With Privacy Commitments | | | | |
| ย ย ย ย ๐ผ P6.4-2 Remediates Misuse of Personal Information by a Third Party | | | | |
| ย ย ย ย ๐ผ P6.4-3 Obtains Commitments to Report Unauthorized Disclosures | | | | |
| ๐ผ P6.5 The entity obtains commitments from vendors and other third parties with access to personal information to notify the entity in the event of actual or suspected unauthorized disclosures of personal information. | 2 | | | |
| ย ย ย ย ๐ผ P6.5-1 Remediates Misuse of Personal Information by a Third Party | | | | |
| ย ย ย ย ๐ผ P6.5-2 Reports Actual or Suspected Unauthorized Disclosures | | | | |
| ๐ผ P6.6 The entity provides notification of breaches and incidents to affected data subjects, regulators, and others to meet the entity's objectives related to privacy. | 2 | | | |
| ย ย ย ย ๐ผ P6.6-1 Identifies Reporting Requirements | | | | |
| ย ย ย ย ๐ผ P6.6-2 Provides Notice of Breaches and Incidents | | | | |
| ๐ผ P6.7 The entity provides data subjects with an accounting of the personal information held and disclosure of the data subjects' personal information, upon the data subjects' request, to meet the entity's objectives related to privacy. | 3 | | | |
| ย ย ย ย ๐ผ P6.7-1 Responds to Data Controller Requests | | | | |
| ย ย ย ย ๐ผ P6.7-2 Identifies Types of Personal Information and Handling Process | | | | |
| ย ย ย ย ๐ผ P6.7-3 Captures, Identifies, and Communicates Requests for Information | | | | |