Summary

The system must allow its users to request rectification of the collected data belonging to them.

Description

Systems usually request information from their users, obtain it from third parties or collect it based on their interactions with the application. They should have a mechanism that allows users to find out about this information and request rectification if they consider it necessary.

References

• GDPR-11_2. Processing which does not require identification
• GDPR-16_1. Right to rectification
• GDPR-89_2. Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
• GDPR-89_3. Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
• SOC2-P5_2. Additional criteria for privacy (related to access)
• CCPA-1798_100. General duties of businesses that collect personal information
• CCPA-1798_106. Consumer's right to correct inaccurate personal information
• NYDFS-500_10. Cybersecurity personnel and intelligence
• PDPA-5_22. Correction of personal data
• POPIA-3A_24. Correction of personal information
• PDPO-5_22. Data correction request
• PDPO-5_23. Compliance with data correction request
• PDPO-S1_2. Accuracy and duration of retention of personal data
• PDPO-S1_6. Access to personal data
• HITRUST-05_k. Addressing security in third party agreements
• HITRUST-09_g. Managing changes to third party services
• HITRUST-13_m. Accuracy and quality
• HITRUST-13_n. Participation and redress
• LGPD-18_III. Data Subjects Rights
• LGPD-20. Data Subjects Rights
• OWASPRISKS-P9. Inability of users to access and modify data
• SIG-P_6. Privacy
• OWASPLLM-LLM09:2025. Misinformation

Weaknesses

• 088. Privacy violation
• 456. AI misinformation