(Revised: 06/2014)

Policy: Information asset owners shall collect the least amount of personal information that is required to fulfill the purposes for which it is being collected. Information asset owners shall obtain personal information only through lawful means and shall collect personal information to the greatest extent practicable directly from the individual who is the subject of the information rather than from another source. Information asset owners shall endeavor to collect non-personal information, instead of personal information, if it is able to fulfill the same requirements.

Implementation Controls:  NIST SP 800-53: Appendix J-Privacy Control Catalog


No Revisions for this item.

Search Entire Manual

Print Entire SAM