Organizations should enact policies for privacy and protecting personally identifiable information (PII) and communicate it to relevant parties. Procedures for preserving privacy and protecting PII should be developed and told to all those relevant to processing the information. Handling PII should follow relevant laws and regulations, and applicable technical and organizational actions should be enacted to protect the information. Examples of relevant regulatory standards include GDPR, CCP, SOC2, etc.
Conformance1
Tools for conforming to standards, goals and processes
