...
- The accountable person may or may not be an employee of the organization
- different jurisdictions name/define and reference this role differently
- some jurisdictions, like the UK have a data controller registry, where this binding is public and legally required
- some jurisdictions, like the EU require an accountable data controller representative in the jurisdiction they are a service is operating in, in order to address legal data privacy and security issues that may arise.
- 2 or more Controllers might be accountable for processing of personal data
- The privacy law in some jurisdictions, can itself break privacy law in other jurisdictions by requiring the accountable person information to be published publicly,
- extend a privacy assurance profile by binding a VC for trust assurance
...