Privacy Req 1 Supplemental Guidance
m (5 revisions imported: Initial Upload of old pages from IDESG Wiki)
Latest revision as of 04:02, 28 June 2018
This article is under construction and should not be considered complete.
Last modified by Omaerz
These links are provided as additional informative resources relevant to parties conducting self-assessments (and other identity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-1.
Supplemental Information
IDENTITY PROVIDERS and RELYING PARTIES which employ intermediaries are responsible for the actions of those intermediaries on their behalf, and MUST implement protocols that mitigate the risk of intermediaries collecting personal information. See INTEROP-8 and INTEROP-BP-E.
References and Guidance (non-normative)
- See ISO/IEC 29100 (2011) Privacy Framework, Section 5.5 ("Data minimization").
- See the HIPAA regulations for health care transactions, 45 CFR Part 164, at §§ 164.502(b) and 164.514(d): "minimum necessary" disclosure standard.
- See AICPA/CICA Privacy Maturity Model based on GAPP [Collection 4.1.X] (chart)
- See Privacy & Biometrics: Building a Conceptual Foundation: Data [p46], Audit [p47].