olemus
ISO/IEC 29100 nõue:
isikutuvastusteabe korraldaja peab andma isikuandmesubjektile
selge ja kergesti kättesaadava teabe enda tavade, poliitikate ja protseduuride jms kohta isikutuvastusteabe käsitlemisel ning
teavitama teda suurematest muudatustest
=
PII controllers need to provide clear and easily accessible
privacy statements about their practices, policies and procedures with respect to the handling of personally identifiable information to the PII principals. - -
Notices should be given to the PII principal when major changes in the PII handling procedures occur (see also explanation under the principle “compliance”)

ülevaateid
https://www.gsma.com/mobilefordevelopment/wp-content/uploads/2018/09/GSMA-Guidelines-on-mobile-money-data-protection.pdf (subsection 4)

https://www.cpomagazine.com/wp-content/uploads/2017/04/Using-ISACAs-Privacy-Principles-to-Create-and-Effective-Privacy-Program.pdf (subsection 7)

standard
https://www.iso.org/obp/ui/#iso:std:iso-iec:29100:ed-1:v1:en