Source | Azure Portal | ||||||||||||||||||||||
Display name | Respond to rectification requests | ||||||||||||||||||||||
Id | 27ab3ac0-910d-724d-0afa-1a2a01e996c0 | ||||||||||||||||||||||
Version | 1.1.0 Details on versioning |
||||||||||||||||||||||
Versioning |
Versions supported for Versioning: 1 1.1.0 Built-in Versioning [Preview] |
||||||||||||||||||||||
Category | Regulatory Compliance Microsoft Learn |
||||||||||||||||||||||
Description | CMA_0442 - Respond to rectification requests | ||||||||||||||||||||||
Additional metadata |
Name/Id: CMA_0442 / CMA_0442 Category: Operational Title: Respond to rectification requests Ownership: Customer Description: Microsoft recommends that your organization develop processes and procedures to respond to data subject requests for rectification of personal data, such as editing, redacting, or removing personal data from a document or other data file. If a data subject has asked your organization to rectify the personal data that resides in your organization's data stored in Azure, it is recommended that your organization determine whether to honor the request based on relevant artifacts. Data rectification can include editing, redacting, or removing personal data from a document or other data file. The most expedient way to fulfill the request may be to ask the data/document owner to use the appropriate Azure application to make the requested change. An alternative is to have an IT admin in your organization make the change. We recommend that your organization consider the following while addressing the rectification request: - Address the request within the applicable regulation timeline - Inform the data subject of any extensions to the timeline, in accordance with the applicable regulation - Establish a process for disseminating corrections or amendments of the personal data to other authorized users of the data, such as external information-sharing partners and, where feasible and appropriate, notify affected individuals that their information has been corrected or amended - Ensure that the rectification to personal data does not obliterate/remove the original personal information - Provide the data subject with a written notice of refusal and reasons of refusal, within the appropriate time frame - Allow the data subject to refute the refusal - Attach a note or a statement of correction to the data that was expected to be rectified if the data cannot be corrected or rectified. Some scenarios in which your organization may choose to deny a data rectification request, as per applicable regulations, include: - If fulfilling the request would constitute in the violation of a court order - If the individual's identity cannot be established - If fulfilling the request would lead to disclosing the identity of other data subjects - If the request is not within the data subject's rights - If fulfilling the request is not reasonably practicable in the given circumstances. Mexico's Federal Data Protection Law requires organizations who are data controllers to inform data subjects within 20 days from the date of receiving the request for modification of data. Argentina Personal Data Protection Act requires organizations (or person responsible for or the user of the data bank) who are data controllers to inform data subjects within 5 days from the date of receiving the request for rectification or modification or suppression of data. Korea- Credit Information Use And Protection Act requires organizations to stop processing of personal data immediately when the data subject requests for correction of his or her data or makes an inquiry on data accuracy. Requirements: The customer is responsible for implementing this recommendation. |
||||||||||||||||||||||
Mode | All | ||||||||||||||||||||||
Type | BuiltIn | ||||||||||||||||||||||
Preview | False | ||||||||||||||||||||||
Deprecated | False | ||||||||||||||||||||||
Effect | Default Manual Allowed Manual, Disabled |
||||||||||||||||||||||
RBAC role(s) | none | ||||||||||||||||||||||
Rule aliases | none | ||||||||||||||||||||||
Rule resource types | IF (1) Microsoft.Resources/subscriptions |
||||||||||||||||||||||
Compliance |
The following 1 compliance controls are associated with this Policy definition 'Respond to rectification requests' (27ab3ac0-910d-724d-0afa-1a2a01e996c0)
| ||||||||||||||||||||||
Initiatives usage |
|
||||||||||||||||||||||
History |
|
||||||||||||||||||||||
JSON compare |
compare mode:
version left:
version right:
|
||||||||||||||||||||||
JSON |
|