https://wiki.idesg.org/index.php?action=history&feed=atom&title=Privacy_Req_5
Privacy Req 5 - Revision history
2026-05-06T10:00:04Z
Revision history for this page on the wiki
MediaWiki 1.38.4
https://wiki.idesg.org/index.php?title=Privacy_Req_5&diff=5861&oldid=prev
Omaerz: 15 revisions imported: Initial Upload of old pages from IDESG Wiki
2018-06-28T04:03:03Z
<p>15 revisions imported: Initial Upload of old pages from IDESG Wiki</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="en">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 04:03, 28 June 2018</td>
</tr><tr><td colspan="2" class="diff-notice" lang="en"><div class="mw-diff-empty">(No difference)</div>
</td></tr></table>
Omaerz
https://wiki.idesg.org/index.php?title=Privacy_Req_5&diff=5860&oldid=prev
Mary Hodder: added info from linked SG page
2018-06-18T22:00:00Z
<p>added info from linked SG page</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 22:00, 18 June 2018</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l20">Line 20:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>the application of limitations to, and scope of, individual transactions and data exchanges.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>the application of limitations to, and scope of, individual transactions and data exchanges.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>See also <del style="font-weight: bold; text-decoration: none;">[[</del>Privacy <del style="font-weight: bold; text-decoration: none;">Req 5 Supplemental Guidance]]</del>.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">=== Supplemental Information ===</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">Collection of personal information from repeated data transactions, which can be associated to form a larger body of knowledge about individuals, increases their privacy risk if the aggregated data exceeds the amount and nature needed for the original purposes of collection. </ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">=== References and Guidance (non-normative) ===</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* PbD De-identification Center, https://www.privacybydesign.ca/index.php/de-identification-centre/ </ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* </ins>See also <ins style="font-weight: bold; text-decoration: none;">the definition of "data aggregation" in § 164.501, and the discussions about the use of identified versus de-identified data in § 164.514(a),(b) and § 164.502(d), of the HIPAA regulations for health care transactions, 45 CFR Part 164: http://www.ecfr.gov/cgi-bin/text-idx?node=pt45.1.164&rgn=div5 </ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* See OASIS </ins>Privacy <ins style="font-weight: bold; text-decoration: none;">Management Reference Model (PMRM) v1.0: Section 4.2 ("Service Details")</ins>.</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== REFERENCES ===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== REFERENCES ===</div></td></tr>
</table>
Mary Hodder
https://wiki.idesg.org/index.php?title=Privacy_Req_5&diff=5859&oldid=prev
Mary Hodder: added roles for phase II
2018-06-13T20:40:09Z
<p>added roles for phase II</p>
<p><b>New page</b></p><div>''<< Back to [[Baseline_Functional_Requirements_v1.0|Baseline Functional Requirements Index]]''<br />
<br />
== PRIVACY-5. DATA AGGREGATION RISK ==<br />
Entities MUST assess the privacy risk of aggregating [[IDEF Glossary PERSONAL INFORMATION|personal information]], in systems and processes where it is collected, generated, used, transmitted, or stored, and wherever feasible, MUST design and operate their systems and processes to minimize that risk. Entities MUST assess and limit linkages of personal information across multiple transactions without the [[IDEF Glossary USERS|USER]]'s explicit consent.<br />
<br />
=== SUPPLEMENTAL GUIDANCE ===<br />
Regarding "personal information", see [[APPENDIX_A-Defined_Terms|Appendix A]], and [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]].<br />
<br />
Collection of personal information from repeated data transactions, which can be associated to form<br />
a larger body of knowledge about individuals, may increase their privacy risk. For example: An Identity<br />
Provider’s ability to facilitate transactions between a user and multiple relying parties may give the<br />
Identity Provider privileged insights into the users’ behavior. Such information is the result of the<br />
Identity Provider’s ability to link user interactions across transactions.<br />
<br />
“Users’ explicit consent” alone should not be used to mitigate privacy risks created by technical<br />
architecture or design, such as to mitigate risks that individuals could not be reasonably expected to be<br />
able to assess.<br />
<br />
See also Requirements [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]] and [[Privacy Req 2|PRIVACY-2 (PURPOSE LIMITATION)]] on<br />
the application of limitations to, and scope of, individual transactions and data exchanges.<br />
<br />
See also [[Privacy Req 5 Supplemental Guidance]].<br />
<br />
=== REFERENCES ===<br />
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page [[Supplemental Privacy Guidance]]; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx<br />
<br />
=== APPLIES TO ACTIVITIES ===<br />
[[IDEF Functional Model REGISTRATION|REGISTRATION]], [[IDEF Functional Model CREDENTIALING|CREDENTIALING]], [[IDEF Functional Model AUTHENTICATION|AUTHENTICATION]], [[IDEF Functional Model AUTHORIZATION|AUTHORIZATION]], [[IDEF Functional Model INTERMEDIATION|INTERMEDIATION]]<br />
<br />
<br />
=== KEYWORDS ===<br />
[[IDEF Keywords AGGREGATION|AGGREGATION]], [[IDEF Keywords CONSENT|CONSENT]], [[IDEF Keywords DESIGN|DESIGN]], [[IDEF Keywords LIMITATION|LIMITATION]], [[IDEF Keywords PRIVACY|PRIVACY]], [[IDEF Keywords RISK|RISK]]<br />
<br />
=== APPLIES TO ROLES ===<br />
1 - [[IDEF Glossary RELYING PARTIES|RELYING PARTIES]] <br><br />
2 - [[IDEF Glossary IDENTITY PROVIDERS|IDENTITY PROVIDERS]] <br><br />
3 - Attribute Providers <br><br />
4 – Intermediaries <br><br />
5 - Credential Service Providers (where there is user interaction) <br><br />
<br />
----<br />
----<br />
Quick Links: [[SALS]] | [[Baseline Functional Requirements v1.0]] | [[Glossary]] |<br />
<br />
----<br />
----</div>
Mary Hodder