Omaerz: 16 revisions imported: Initial Upload of old pages from IDESG Wiki

2018-06-28T04:03:04Z

16 revisions imported: Initial Upload of old pages from IDESG Wiki

← Older revision	Revision as of 04:03, 28 June 2018
(No difference)

Mary Hodder: added roles to updated SG phase II

2018-06-13T20:41:16Z

added roles to updated SG phase II

New page

''<< Back to [[Baseline_Functional_Requirements_v1.0|Baseline Functional Requirements Index]]''

== PRIVACY-6. USAGE NOTICE ==
Entities MUST provide concise, meaningful, and timely communication to [[IDEF Glossary USERS|USERS]] describing how they collect, generate, use, transmit, and store [[IDEF Glossary PERSONAL INFORMATION|personal information]].

=== SUPPLEMENTAL GUIDANCE ===
Regarding "personal information", see [[APPENDIX_A-Defined_Terms|Appendix A]], and [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]].

The goal of notice is to work toward informed consent from USERS: functional requirements should
work toward strategies for improving USERS' understanding of their choices when engaging with
services. Strategies include layered approaches, just-in-time notice, and other examples that can
illustrate effective types of notice mechanism alternatives to privacy policies. In the case of material
changes to the service, entities shall provide clear and conspicuous descriptions of the changes and
their impacts on USERS in advance of the change.

“Consent” alone should not be used to mitigate privacy risks created by technical architecture or
design, such as to mitigate risks that individuals could not be reasonably expected to be able to assess;
see [[Privacy Req 5|PRIVACY-5 (DATA AGGREGATION RISK)]].

See also Requirements [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]] and [[Privacy Req 2|PRIVACY-2 (PURPOSE LIMITATION)]] on
the application of limitations to, and scope of, individual transactions and data exchanges.

See also the [[Baseline_Functional_Requirements_v1.0#Usability|IDESG Usability Requirements]] (USABLE-1 through USABLE-7) regarding the clarity of
notices given to USERS and others.

=== REFERENCES ===
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page [[Supplemental Privacy Guidance]]; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx

The Kantara Consent Receipt is now available (January 2018) in draft form at https://groups.google.com/forum/#!topic/wg-infosharing/553qIdgaq0o

=== APPLIES TO ACTIVITIES ===
[[IDEF Functional Model REGISTRATION|REGISTRATION]], [[IDEF Functional Model CREDENTIALING|CREDENTIALING]], [[IDEF Functional Model AUTHENTICATION|AUTHENTICATION]], [[IDEF Functional Model AUTHORIZATION|AUTHORIZATION]], [[IDEF Functional Model INTERMEDIATION|INTERMEDIATION]]

=== KEYWORDS ===
[[IDEF Keywords NOTICE|NOTICE]], [[IDEF Keywords POLICIES|POLICIES]], [[IDEF Keywords PRIVACY|PRIVACY]]

=== APPLIES TO ROLES ===
1 - [[IDEF Glossary RELYING PARTIES|RELYING PARTIES]] <br>
2 - [[IDEF Glossary IDENTITY PROVIDERS|IDENTITY PROVIDERS]] <br>
3 - Attribute Providers <br>
4 – Intermediaries <br>

----
----
Quick Links: [[SALS]] | [[Baseline Functional Requirements v1.0]] | [[Glossary]] |

----
----

Privacy Req 6 - Revision history

Omaerz: 16 revisions imported: Initial Upload of old pages from IDESG Wiki

Mary Hodder: added roles to updated SG phase II