PM-26 Complaint Management
Implement a process for receiving and responding to complaints, concerns, or questions from individuals about the organizational security and privacy practices that includes:
a. Mechanisms that are easy to use and readily accessible by the public;
b. All information necessary for successfully filing complaints;
c. Tracking mechanisms to ensure all complaints received are reviewed and addressed within pm-26_prm_1;
d. Acknowledgement of receipt of complaints, concerns, or questions from individuals within pm-26_odp.03 ; and
e. Response to complaints, concerns, or questions from individuals within pm-26_odp.04.
|pm-26_prm_1||organization-defined time period|
Complaints, concerns, and questions from individuals can serve as valuable sources of input to organizations and ultimately improve operational models, uses of technology, data collection practices, and controls. Mechanisms that can be used by the public include telephone hotline, email, or web-based forms. The information necessary for successfully filing complaints includes contact information for the senior agency official for privacy or other official designated to receive complaints. Privacy complaints may also include personally identifiable information which is handled in accordance with relevant policies and processes.
- OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.
Related controls 4
- IR-07 Incident Response Assistance L M H P
- IR-09 Information Spillage Response L M H P
- PM-22 Personally Identifiable Information Quality Management L M H P
- SI-18 Personally Identifiable Information Quality Operations L M H P