Privacy Best Practice B

From IDESG Wiki
Revision as of 21:00, 13 June 2018 by Mary Hodder (talk | contribs) (updated roles edit)
Jump to navigation Jump to search

<< Back to Baseline Functional Requirements Index

PRIVACY-BP-B. RECOMMENDED TECHNOLOGY ENFORCEMENT

Wherever feasible, privacy requirements and policies SHOULD be implemented through technical mechanisms. Those technical privacy controls SHOULD be situated as low in the technology stack as possible.

SUPPLEMENTAL GUIDANCE

Privacy controls are mechanisms that mitigate privacy risk. These may overlap with security controls.

REFERENCES

Further reference materials to aid organizations interested in conforming to these Requirements or best practices can be found at the wiki page Supplemental Privacy Guidance; this has been archived as of October 2015 at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx.

APPLIES TO ACTIVITIES

REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION

KEYWORDS

ARCHITECTURE, POLICIES, PROCESS

APPLIES TO ROLES

1 - RELYING PARTIES
2 - IDENTITY PROVIDERS
3 - Attribute Providers
4 – Intermediaries
5 - Credential Service Providers (where there is user interaction)



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |