Privacy Best Practice C
<< Back to Baseline Functional Requirements Index
PRIVACY-BP-C. RECOMMENDED CONSEQUENCES OF DECLINING
Entities SHOULD provide short, clear notice to USERS of the consequences of declining to provide mandatory and optional personal information.
SUPPLEMENTAL GUIDANCE
This recommendation builds on and improves the mandate in Requirement PRIVACY-11 (OPTIONAL INFORMATION).
Regarding "personal information," see Appendix A and PRIVACY-1 (DATA MINIMIZATION). See also the IDESG Usability Requirements (USABLE-1 through USABLE-7) regarding the clarity of notices given to USERS and others.
If personal information is requested from USERS during registration that is optional, that designation should include a short and clear description justifying the request of that data.
If information collection or attribute value release is designated as mandatory, that designation should include a short and clear description of the consequences of declining to provide that information or allowing that release.
If an entity requests to release attributes values during a transaction that are the beyond the minimum necessary to complete that transaction, that release should be clearly presented as optional/a choice. That optional designation should include a short and clear description justifying the release of that data.
REFERENCES
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx
APPLIES TO ACTIVITIES
KEYWORDS
CHOICE, LIMITATION, NOTICE, USABILITY
APPLIES TO ROLES
1 - RELYING PARTIES
4 – Intermediaries
Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |