Privacy Best Practice A: Difference between revisions
Mary Hodder (talk | contribs) (updated roles for Phase II) |
(No difference)
|
Revision as of 20:59, 13 June 2018
<< Back to Baseline Functional Requirements Index
PRIVACY-BP-A. RECOMMENDED QUALITY CONTROLS
Entities SHOULD determine the necessary quality of personal information used in their digital identity management functions based on the risk of those functions and the information, including risk to the USERS involved.
SUPPLEMENTAL GUIDANCE
Entities obtaining personal information about a USER may have multiple ways to obtain the necessary data, or to assure its quality (generally, its accuracy, detail, timeliness or authoritative source). Some of those choices may be less invasive, or create less risk of USER privacy loss, than others. Additionally, some may result in higher- or lower-quality accuracy of the data. Entities SHOULD consider the effects of these choices on the USER whose personal information is being collected and used.
In the absence of formal data quality standards, entities SHOULD consider the timeliness, completeness, accuracy, and sources of data when evaluating the quality of personal information. These goals may be most easily implemented in system design, when identity management systems are being designed or renovated.
Regarding "personal information," see Appendix A and PRIVACY-1 (DATA MINIMIZATION).
REFERENCES
Further reference materials to aid organizations interested in conforming to these Requirements or best practices can be found at the wiki page Supplemental Privacy Guidance; this has been archived as of October 2015 at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx
APPLIES TO ACTIVITIES
REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION
KEYWORDS
ARCHITECTURE, DATA-INTEGRITY, LIMITATION, RISK
APPLIES TO ROLES
1 - RELYING PARTIES
2 - IDENTITY PROVIDERS
3 - Attribute Providers
4 – Intermediaries
5 - Credential Service Providers (where there is user interaction)
Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |