Health and Biometric Data Type Declaration Mismatch

Description

If the health and biometric data type declaration in your privacy policy does not match the actual usage of such data, it can lead to legal and regulatory issues and erode the trust of users, who may feel their sensitive information is not being handled appropriately.

Recommendation

To mitigate this vulnerability, ensure that the health and biometric data type declaration in your privacy policy accurately reflects how this data is collected, stored, and used within your organization. Regularly review and update your privacy policy to align with any changes in data handling practices, and be transparent with users about how their sensitive information is managed. Conduct regular audits and assessments to ensure compliance with relevant regulations and industry best practices.

Standards

  • OWASP_MASVS_L1:
  • OWASP_MASVS_L2:
  • OWASP_MASVS_RESILIENCE:
  • CWE_TOP_25:
  • GDPR:
    • ART_5
    • ART_6
    • ART_7
    • ART_9
    • ART_11
    • ART_13
    • ART_15
    • ART_16
    • ART_17
    • ART_32
  • CCPA:
    • CCPA_1798_100
    • CCPA_1798_105
    • CCPA_1798_110
    • CCPA_1798_115
    • CCPA_1798_120
    • CCPA_1798_125
    • CCPA_1798_130
    • CCPA_1798_135
    • CCPA_1798_140
    • CCPA_1798_150
  • PCI_STANDARDS:
  • OWASP_MASVS_v2_1:
    • MASVS_PRIVACY_1
    • MASVS_PRIVACY_2
    • MASVS_PRIVACY_3
    • MASVS_PRIVACY_4
  • OWASP_ASVS_L1:
  • OWASP_ASVS_L2:
  • OWASP_ASVS_L3:
  • SOC2_CONTROLS:
    • CC_2_3
    • CC_5_3