# Retrieve Privacy Enforcement Actions source: https://developer.mastercard.com/riskrecon-api/documentation/use-cases/portfolio-management/portfolio/get-priv-enforcement/index.md ## Overview {#overview} The `GET Privacy Enforcement Actions` endpoint retrieves privacy enforcement actions across a customer's portfolio, enabling focused analysis of regulatory outcomes that affect vendors (TOEs) and their data handling practices. It aggregates official actions recorded by enforcement authorities and returns them in a normalized feed for programmatic review and reporting. The response provides insight into the nature of each enforcement action, including its classification and relevant contextual metadata. When available, this metadata includes the governing authority, action category, jurisdiction, affected organization (TOE), dates and timestamps, and other descriptors that help track the lifecycle and potential impact of the action. These details support compliance posture assessments and portfolio-level oversight. ## Sequence Diagram {#sequence-diagram} Diagram retrieve-priv-enforcement ## Execution Steps {#execution-steps} 1. The user sends a `GET` request specifying a `TOE ID` (`toe_id`, mandatory), and optionally includes: * `sort_attribute`: if selected, will allow the user to sort the results of enforcement actions by default value of "enforcement_action_date". * `enforcement_action_start_date`: to filter enforcement actions starting from the provided dates in the format of YYYY-MM-DD. * `toe_id`: filters for enforcement actions for a specific `toe_id`. * `risk_relationship_slugs`: filters enforcement actions for a list of folders. 2. RiskRecon returns privacy enforcement actions associated with the parameters provided. ## Sample Request and Response {#sample-request-and-response} For a sample response of this API, see [GET Privacy Enforcement Actions](https://static.developer.mastercard.com/content/riskrecon-api/documentation/testing/portfolio-samples/get-priv-enforcement-smpl.md). ## Use Case Examples {#use-case-examples} ### Support Compliance Oversight Workflows {#support-compliance-oversight-workflows} Compliance teams can use this endpoint to monitor enforcement actions tied to specific vendors (TOEs). This helps identify vendors with privacy-related enforcement exposure and prioritize remediation or reviews. #### Request Parameters: {#request-parameters} * `toe_id`: \*\*\*\*\*\*\*(mandatory) * `enforcement_action_start_date`: 2021-01-01 (YYYY-MM-DD) #### Response fields: {#response-fields} * `description`: Provide context for the enforcement action. * `enforcement_action_date`: Indicates when the action occurred. * `regulation` and `regulatory_body`: Identify the governing regulation and authority. * `sources`: Links to official documentation for audit purposes. * `toe_id` and `toe_short_name`: The vendor impacted by the enforcement action. ### Support Audit Preparation and Reporting {#support-audit-preparation-and-reporting} Audit teams can use this endpoint to collect evidence of regulatory actions for vendors under review, ensuring accurate documentation and compliance verification. #### Request Parameters: {#request-parameters-1} * `toe_id`: \*\*\*\*\*\*\*\*\*\*\*\*(mandatory) * `enforcement_action_start_date`: 2021-01-01 #### Response fields:  {#response-fields-1} * `description`: Provides details of the enforcement action. * `sources`: Links to official notices for evidence collection. * `enforcement_action_date`: Confirms timeline for regulatory events. ## Endpoint {#endpoint} API Reference: `GET v1/privacy/portfolio_enforcement_actions`