The organization limits the collection and retention of personally identifiable information (PII) to the minimum elements identified for the purposes which the individual has provided consent.
No STIG checks reference this CCI.