https://wiki.idesg.org/index.php?action=history&feed=atom&title=Privacy_Req_1_Supplemental_Guidance 2026-05-26T14:18:11Z Revision history for this page on the wiki MediaWiki 1.38.4 https://wiki.idesg.org/index.php?title=Privacy_Req_1_Supplemental_Guidance&diff=5787&oldid=prev 2018-06-28T04:02:59Z

<p>5 revisions imported: Initial Upload of old pages from IDESG Wiki</p> <p><b>New page</b></p><div><br /> {{Under Construction}}<br /> <br /> &#039;&#039;&lt;&lt; Back to [[Privacy_Req_1|Privacy Requirement 1]]&#039;&#039;<br /> <br /> These links are provided as additional informative resources relevant to parties conducting self-assessments (and other identity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-1.<br /> <br /> === Supplemental Information ===<br /> <br /> IDENTITY PROVIDERS and RELYING PARTIES which employ intermediaries are responsible for the actions of those intermediaries on their behalf, MUST implement protocols that mitigate the risk of intermediaries collecting personal information. See [[Interop_Req_8|INTEROP-8]] and [[Interop_Best_Practice_E|INTEROP-BP-E]].<br /> <br /> === References and Guidance (non-normative) ===<br /> <br /> * See ISO/IEC 29100 (2011) Privacy Framework, Section 5.5 (&quot;Data minimization&quot;). <br /> * See the HIPAA regulations for health care transactions, 45 CFR Part 164, at §§ 164.502(b) and 164.514(d): &quot;minimum necessary&quot; disclosure standard.<br /> * See AICPA/CICA Privacy Maturity Model based on GAPP [Collection 4.1.X] (chart) <br /> * See Privacy &amp; Biometrics: Building a Conceptual Foundation: Data [p46], Audit [p47].</div>

Omaerz