...
- The accountable person may or may not be an employee of the organization
- different jurisdictions name/define and reference this role differently
- some jurisdictions, like the UK, have a data controller registry, where this binding is public and legally required
- some jurisdictions, like the EU, require an accountable data controller representative in the jurisdiction a service is operating in, in order to address legal data privacy and security issues that may arise
- 2 or more Controllers might be accountable for the processing of personal data
- identify, in the context of service use, for any user, who the controller and accountable person are
- The privacy law in some jurisdictions can itself break privacy law in other jurisdictions by requiring the accountable person information to be published publicly
- extend a privacy assurance profile by binding a VC for trust assurance
...