https://wiki.idesg.org/index.php?action=history&feed=atom&title=Privacy_Req_13Privacy Req 13 - Revision history2026-05-06T09:57:25ZRevision history for this page on the wikiMediaWiki 1.38.4https://wiki.idesg.org/index.php?title=Privacy_Req_13&diff=5752&oldid=prevOmaerz: 8 revisions imported: Initial Upload of old pages from IDESG Wiki2018-06-28T04:02:58Z<p>8 revisions imported: Initial Upload of old pages from IDESG Wiki</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="en">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 04:02, 28 June 2018</td>
</tr><tr><td colspan="2" class="diff-notice" lang="en"><div class="mw-diff-empty">(No difference)</div>
</td></tr></table>Omaerzhttps://wiki.idesg.org/index.php?title=Privacy_Req_13&diff=5751&oldid=prevMary Hodder: updated SG for phase II2018-06-13T20:53:51Z<p>updated SG for phase II</p>
<p><b>New page</b></p><div>''<< Back to [[Baseline_Functional_Requirements_v1.0|Baseline Functional Requirements Index]]''<br />
<br />
== PRIVACY-13. CONTROLS PROPORTIONATE TO RISK ==<br />
Controls on the processing or use of [[IDEF Glossary USERS|USERS]]' [[IDEF Glossary PERSONAL INFORMATION|personal information]] MUST be commensurate with the degree of risk of that processing or use. A privacy risk analysis MUST be conducted by entities who conduct [[IDEF Glossary DIGITAL IDENTITY MANAGEMENT FUNCTIONS|digital identity management functions]], to establish what risks those functions pose to users' privacy.<br />
<br />
=== SUPPLEMENTAL GUIDANCE ===<br />
Regarding "personal information", see [[APPENDIX_A-Defined_Terms|Appendix A]], and [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]].<br />
<br />
Many risk analysis models include examples or guidance about the implementation of controls that<br />
are appropriate to either specific risks or levels of existing risk. Entities may satisfy this Requirement by<br />
confirming that they have conducted that risk assessment and, based on that assessment, made<br />
appropriate adjustments to their practices. <br />
<br />
=== REFERENCES ===<br />
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page [[Supplemental Privacy Guidance]]; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx<br />
<br />
=== APPLIES TO ACTIVITIES ===<br />
[[IDEF Functional Model REGISTRATION|REGISTRATION]], [[IDEF Functional Model CREDENTIALING|CREDENTIALING]], [[IDEF Functional Model AUTHENTICATION|AUTHENTICATION]], [[IDEF Functional Model AUTHORIZATION|AUTHORIZATION]], [[IDEF Functional Model INTERMEDIATION|INTERMEDIATION]]<br />
<br />
=== KEYWORDS ===<br />
[[IDEF Keywords ASSESSMENT|ASSESSMENT]], [[IDEF Keywords CONTROL|CONTROLS]], [[IDEF Keywords LIMITATION|LIMITATION]], [[IDEF Keywords POLICIES|POLICIES]], [[IDEF Keywords PRIVACY|PRIVACY]], [[IDEF Keywords RISK|RISK]]<br />
<br />
=== APPLIES TO ROLES ===<br />
1 - [[IDEF Glossary RELYING PARTIES|RELYING PARTIES]] <br><br />
2 - [[IDEF Glossary IDENTITY PROVIDERS|IDENTITY PROVIDERS]] <br><br />
3 - Attribute Providers <br><br />
4 – Intermediaries <br><br />
5 - Credential Service Providers (where there is user interaction) <br><br />
<br />
----<br />
----<br />
Quick Links: [[SALS]] | [[Baseline Functional Requirements v1.0]] | [[Glossary]] |<br />
<br />
----<br />
----</div>Mary Hodder