Omaerz: 10 revisions imported: Initial Upload of old pages from IDESG Wiki

2018-06-28T04:03:05Z

10 revisions imported: Initial Upload of old pages from IDESG Wiki

← Older revision	Revision as of 04:03, 28 June 2018
(No difference)

Mary Hodder: updated SG phase II

2018-06-13T20:43:55Z

updated SG phase II

New page

''<< Back to [[Baseline_Functional_Requirements_v1.0|Baseline Functional Requirements Index]]''

== PRIVACY-8. THIRD-PARTY LIMITATIONS ==
Wherever [[IDEF Glossary USERS|USERS]] make choices regarding the treatment of their [[IDEF Glossary PERSONAL INFORMATION|personal information]], those choices MUST be communicated effectively by that entity to any [[IDEF Glossary THIRD PARTIES|THIRD-PARTIES]] to which it transmits the personal information.

=== SUPPLEMENTAL GUIDANCE ===
Regarding "personal information", see [[APPENDIX_A-Defined_Terms|Appendix A]], and [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]].

One example of a USER's choice that creates a use limitation would be their election to restrict the
use of their personal information to specific purposes only. This Requirement broadly means that
entities convey all such restrictions to the "downstream" recipients of personal information, when they
share that information. However, this Requirement does not dictate what elective choices a USER
should be prompted to make; and it does not require an entity to convey (or enforce) a USER's choices
or instructions if those choices contradict law, regulation or legal process.

Please note, [[Interop Req 6|Requirement INTEROP-6 (THIRD-PARTY COMPLIANCE)]] also includes certain specific
duties in connection with THIRD-PARTIES receiving personal information from an entity.

Responsibilities for liability should be spelled out in agreements between organizations exchanging
personal information in the identity ecosystem, as well as the format and style of the communication of
user-stated privacy preferences and information.

This only applies instances of personal information passed to third parties.

=== REFERENCES ===
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page [[Supplemental Privacy Guidance]]; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx

=== APPLIES TO ACTIVITIES ===
[[IDEF Functional Model REGISTRATION|REGISTRATION]], [[IDEF Functional Model CREDENTIALING|CREDENTIALING]], [[IDEF Functional Model AUTHENTICATION|AUTHENTICATION]], [[IDEF Functional Model AUTHORIZATION|AUTHORIZATION]], [[IDEF Functional Model INTERMEDIATION|INTERMEDIATION]]

=== KEYWORDS ===
[[IDEF Keywords CHOICE|CHOICE]], [[IDEF Keywords LIMITATION|LIMITATION]], [[IDEF Keywords NOTICE|NOTICE]], [[IDEF Keywords PORTABILITY|PORTABILITY]], [[IDEF Keywords PRIVACY|PRIVACY]], [[IDEF Keywords THIRD PARTIES|THIRD-PARTIES]]

=== APPLIES TO ROLES ===
1 - [[IDEF Glossary RELYING PARTIES|RELYING PARTIES]] 
2 - [[IDEF Glossary IDENTITY PROVIDERS|IDENTITY PROVIDERS]] 
3 - Attribute Providers 
4 – Intermediaries 
5 - Credential Service Providers (where there is user interaction) 

----
----
Quick Links: [[SALS]] | [[Baseline Functional Requirements v1.0]] | [[Glossary]] |

----
----

Privacy Req 8 - Revision history

Omaerz: 10 revisions imported: Initial Upload of old pages from IDESG Wiki

Mary Hodder: updated SG phase II