Privacy Req 9: Difference between revisions
Mary Hodder (talk | contribs) (updated SG for phase II) |
(No difference)
|
Revision as of 20:44, 13 June 2018
<< Back to Baseline Functional Requirements Index
PRIVACY-9. USER NOTICE OF CHANGES
Entities MUST, upon any material changes to a service or process that affects the prior or ongoing collection, generation, use, transmission, or storage of USERS’ personal information, notify those USERS, and provide them with compensating controls designed to mitigate privacy risks that may arise from those changes, which may include seeking express affirmative consent of USERS in accordance with relevant law or regulation.
SUPPLEMENTAL GUIDANCE
Once USERS have been notified of the planned uses and processing of their personal information (see PRIVACY 6 (USAGE NOTICE)), and exercised whatever consent, limitation or withdrawal rights they have (see PRIVACY-7 (USER DATA CONTROL)), material changes to those uses or processing may render their choices obsolete, so entities should refresh the USER's opportunity to exercise those controls in light of the new information. (See USABLE-4 (NAVIGATION), USABLE-5 (ACCESSIBILITY) and USABLE-6 (USABILITY FEEDBACK).)
Regarding "personal information", see Appendix A, and PRIVACY-1 (DATA MINIMIZATION).
“Express affirmative consent” should not be used to mitigate privacy risks created by technical architecture or design, or to mitigate risks that individuals could not be reasonably expected to be able to assess; see PRIVACY-5 (DATA AGGREGATION RISK).
“Compensating controls” are controls or mechanisms, which may operate either by policy or (preferably) technology, designed to mitigate privacy risks that may arise when a material change is made to the system. Examples might include an opportunity to assent or withdraw, or risk-shifting rules occurring upon a change. Those controls can be under user administration, but only if the user can be reasonably expected to understand how to use those mechanisms to effectively mitigate their risk.
The Kantara Consent Receipt is now available (January 2018) in draft form at https://groups.google.com/forum/#!topic/wg-infosharing/553qIdgaq0o
REFERENCES
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx
APPLIES TO ACTIVITIES
REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION
KEYWORDS
CHANGES, CONSENT, NOTICE, PRIVACY, PURPOSE
APPLIES TO ROLES
1 - RELYING PARTIES
2 - IDENTITY PROVIDERS
3 - Attribute Providers
4 – Intermediaries
5 - Credential Service Providers (where there is user interaction)
Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |