Privacy Req 7: Difference between revisions
Mary Hodder (talk | contribs) (updated SG for phase II) |
(No difference)
|
Revision as of 20:42, 13 June 2018
<< Back to Baseline Functional Requirements Index
PRIVACY-7. USER DATA CONTROL
Entities MUST provide appropriate mechanisms to enable USERS to access, correct, and delete personal information.
SUPPLEMENTAL GUIDANCE
Regarding "personal information", see Appendix A, and PRIVACY-1 (DATA MINIMIZATION) and INTEROP-7 (USER REDRESS).
“Appropriate” broadly means mechanisms for management of personal information should be effective, easy to use, and accessible. (See USABLE-1 (USABILITY PRACTICES), USABLE-3 (PLAIN LANGUAGE), and USABLE-5 (ACCESSIBILITY) for guidance on the usability of such mechanisms.)
"Deletion” generally refers to removal of the data from availability. Data disposal, its complete removal from the complying entity's own systems and control, may depend on the legal and contractual requirements applicable to the data; see PRIVACY-14 (DATA RETENTION AND DISPOSAL).
Note: Intermediaries (third parties) may not have direct control over the information that flows through their systems, but should deploy mechanisms that support entity’s ability to conform to this Requirement. See INTEROP-6 (THIRD-PARTY COMPLIANCE).
See the IDESG Functional Model for definition of Transaction Intermediation for the scope of “intermediaries.” The functional model describes Transaction Intermediation as “Processes and procedures that limit linkages between transactions and facilitate credential portability." This includes functions defined as “Blinding,” “Pseudonymization/Anonymization,” and “Exchange.”
REFERENCES
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx
APPLIES TO ACTIVITIES
REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION
KEYWORDS
CHANGES, CHOICE, CONTROL, CORRECTION, PRIVACY, RETENTION
APPLIES TO ROLES
1 - RELYING PARTIES
2 - IDENTITY PROVIDERS
3 - Attribute Providers
4 – Intermediaries
5 - Credential Service Providers (where there is user interaction)
Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |