Privacy Req 11: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
(updated roles)
(No difference)

Revision as of 20:48, 13 June 2018

<< Back to Baseline Functional Requirements Index

PRIVACY-11. OPTIONAL INFORMATION

Entities MUST clearly indicate to USERS what personal information is mandatory and what information is optional prior to the transaction.

SUPPLEMENTAL GUIDANCE

Regarding "personal information", see Appendix A, and PRIVACY-1 (DATA MINIMIZATION).

See also the IDESG Usability Requirements (USABLE-1 through USABLE-7) regarding the clarity of notices given to USERS and others.

Additional best practices for indicating optionality are provided in PRIVACY-BP-C (RECOMMENDED CONSEQUENCES OF DECLINING).

It may be appropriate to have a "don't ask me again" check box for a series of transactions of the same type.

For example: If personal information is requested from USERS during registration that is beyond the minimum necessary to complete an eligibility decision, that personal information should be clearly marked as optional.

Regarding "mandatory" and "optional", in this Requirement, if personal information is requested from USERS during registration that is beyond the minimum necessary to complete an eligibility decision, that personal information should be clearly marked as optional. That optional designation should include a short and clear description justifying the request of that data.

If an organization requests to release attributes values during a transaction that are the beyond the minimum necessary to complete that transaction, that release should be clearly presented as optional/a choice. That optional designation should include a short and clear description justifying the release of that data.

If information or attribute value release is designated as mandatory, that designation should include a short and clear description of the consequences of declining to provide that information or allowing that release. See PRIVACY-10 (USER OPTION TO DECLINE).

REFERENCES

Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx

APPLIES TO ACTIVITIES

REGISTRATION, AUTHORIZATION

KEYWORDS

CHOICE, LIMITATION, NOTICE


APPLIES TO ROLES

1 - RELYING PARTIES
4 – Intermediaries



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |