Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Key Input of Notice Requirements: 


The organization should provide notice in a machine-readable format so that the software responsible for presenting it to the PII principal can parse it to optimize the user interface and help PII principals make decisions

 Situations, when the PII principal is subject of being impacted, are when:

a) they change the nature of the service for which PII was collected;


  • they change the collection and processing of PII which causes additional or higher impact on the PII principal than previously indicated;
  • there is a substantial change at the PII controller; they change the PII being collected;
    they change the processing of PII;
    they change the collection method of PII;
  • they change the purpose of use of collected PII to something outside the scope of what was notified to the PII principal at the time PII was collected;
  • they change matters related to the provision of PII to a third party;
  • they change the retention period or change the disposal date notified to the PII principal at the time PII was collected;
  • they change matters related to disclosure, use and retention period, correction, deletion, third party transfer, or revoking of consent;
  • they change the contact information for inquiry.
    Note The organization can publish the new contact information on its websites or at the startup page of a mobile app.

ISO/IEC 1st CD 29184

  1. 538  Editor's note: Should we have a paragraph on the cases where general publication notice only without

  1. provide notice of the change and

  2. 542  seek the PII principal’s consent to those changes include, but are not limited to:



  • the overall service being provided to the PII principal changes;
  • the collection and processing of PII causes another or higher impact on the PII principal or higher risk of such an impact than indicated previously;
  • changes within or to the PII controller occur (e.g., change of owner, change of business); the PII being processed changes;
    the processing of PII changes;
    the methods used to process the PII change;
  • the purposes for which PII is processed change;
  • the provision of PII to a different third party change (unless the PII principal was previously notified that PII would be provided to a range of third parties and the change made does not expand the scope of provision);
  • the retention periods or disposal dates change;
  • the manner in which PII principals may access the PII held by the organization changes, or to the manner in which PII principals may request corrections to that information; and
  • the contact information for the submission of access or correction requests changes;




  • No labels