PT-3 Personally Identifiable Information Processing Purposes

Description

Identifying and documenting the purpose for processing provides organizations with a basis for understanding why personally identifiable information may be processed. The term Organizations take steps to help ensure that personally identifiable information is processed only for identified purposes, including training organizational personnel and monitoring and auditing organizational processing of personally identifiable information. Organizations monitor for changes in personally identifiable information processing. Organizational personnel consult with the senior agency official for privacy and legal counsel to ensure that any new purposes that arise from changes in processing are compatible with the purpose for which the information was collected, or if the new purpose is not compatible, implement mechanisms in accordance with defined requirements to allow for the new processing, if appropriate. Mechanisms may include obtaining consent from individuals, revising privacy policies, or other measures to manage privacy risks that arise from changes in personally identifiable information processing purposes.

Applicability

This control applies to all information Owners and Custodians.

Implementation

TAMU-CC Shall:

  1. Identify and document the purpose(s) for processing personally identifiable information;
  2. Describe the purpose(s) in the public privacy notices and policies of the organization;
  3. Restrict the processing of personally identifiable information to only that which is compatible with the identified purpose(s); and
  4. Monitor changes in processing personally identifiable information and implement mechanisms to ensure that any changes are made In accordance with federal laws, executive orders, directives, policies, regulations, standards, and/or guidance.
  5. Reduce, and eliminate where possible, the collection and/or use of sensitive personal information [TxBCC 521.002] in information resources under the control of the organization.

Revision History

Last Updated: February 21, 2025

Previous Versions:

  • June 29, 2023
  • May 31, 2022
  • March 25, 2021
  • September 16, 2019

Chief Information Security and Privacy Officer

Submit a Ticket

News

See All News

Events

See All Events