p31.md

SOC2 - P3.1

Personal information is collected consistent with the entity’s objectives related to privacy

Limits the Collection of Personal Information

The collection of personal information is limited to that necessary to meet the entity’s objectives

Collects Information by Fair and Lawful Means

Methods of collecting personal information are reviewed by management before they are implemented to confirm that personal information is obtained (a) fairly, without intimidation or deception, and (b) lawfully, adhering to all relevant rules of law, whether derived from statute or common law, relating to the collection of personal information

Collects Information From Reliable Sources

Management confirms that third parties from whom personal information is collected (that is, sources other than the individual) are reliable sources that collect information fairly and lawfully

Informs Data Subjects When Additional Information Is Acquired

Data subjects are informed if the entity develops or acquires additional information about them for its use.

Mapped SCF controls

• PRI-04 - Restrict Collection To Identified Purpose
• PRI-04.1 - Authority To Collect, Use, Maintain & Share Personal Data