NIST 800-53 REV 5 • PROGRAM MANAGEMENT

PM-27 Privacy Reporting

a. Develop {{ insert: param, pm-27_odp.01 }} and disseminate to:
   1. {{ insert: param, pm-27_odp.02 }} to demonstrate accountability with statutory, regulatory, and policy privacy mandates; and
   2. {{ insert: param, pm-27_odp.03 }} and other personnel with responsibility for monitoring privacy program compliance; and
b. Review and update privacy reports {{ insert: param, pm-27_odp.04 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Through internal and external reporting, organizations promote accountability and transparency in organizational privacy operations. Reporting can also help organizations to determine progress in meeting privacy compliance requirements and privacy controls, compare performance across the federal government, discover vulnerabilities, identify gaps in policy and implementation, and identify models for success. For federal agencies, privacy reports include annual senior agency official for privacy reports to OMB, reports to Congress required by Implementing Regulations of the 9/11 Commission Act, and other public reports required by law, regulation, or policy, including internal policies of organizations. The senior agency official for privacy consults with legal counsel, where appropriate, to ensure that organizations meet all applicable privacy reporting requirements.

Practitioner Notes

Your privacy program must produce regular reports for leadership and oversight bodies on the state of privacy within your organization: what is working, what needs attention, and any incidents that occurred. Define who receives each report (oversight bodies, designated officials, and staff who monitor privacy compliance) and review and update the reports at the frequency your program sets.

Example 1: Create a quarterly privacy report that covers: number of data subject requests received and completed, privacy incidents and breaches, status of privacy impact assessments, training completion rates, and any new data collection activities approved by the governance body.

Example 2: In Microsoft Purview, export the Data Subject Request reports and Compliance Score trends. Combine these with your manual tracking data into a dashboard (Power BI works well) that leadership can review at a glance during governance meetings.