Privacy Req 9

From IDESG Wiki
Revision as of 04:03, 28 June 2018 by Omaerz (talk | contribs) (9 revisions imported: Initial Upload of old pages from IDESG Wiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

<< Back to Baseline Functional Requirements Index

PRIVACY-9. USER NOTICE OF CHANGES

Entities MUST, upon any material changes to a service or process that affects the prior or ongoing collection, generation, use, transmission, or storage of USERSpersonal information, notify those USERS, and provide them with compensating controls designed to mitigate privacy risks that may arise from those changes, which may include seeking express affirmative consent of USERS in accordance with relevant law or regulation.

SUPPLEMENTAL GUIDANCE

Once USERS have been notified of the planned uses and processing of their personal information (see PRIVACY 6 (USAGE NOTICE)), and exercised whatever consent, limitation or withdrawal rights they have (see PRIVACY-7 (USER DATA CONTROL)), material changes to those uses or processing may render their choices obsolete, so entities should refresh the USER's opportunity to exercise those controls in light of the new information. (See USABLE-4 (NAVIGATION), USABLE-5 (ACCESSIBILITY) and USABLE-6 (USABILITY FEEDBACK).)

Regarding "personal information", see Appendix A, and PRIVACY-1 (DATA MINIMIZATION).

“Express affirmative consent” should not be used to mitigate privacy risks created by technical architecture or design, or to mitigate risks that individuals could not be reasonably expected to be able to assess; see PRIVACY-5 (DATA AGGREGATION RISK).

“Compensating controls” are controls or mechanisms, which may operate either by policy or (preferably) technology, designed to mitigate privacy risks that may arise when a material change is made to the system. Examples might include an opportunity to assent or withdraw, or risk-shifting rules occurring upon a change. Those controls can be under user administration, but only if the user can be reasonably expected to understand how to use those mechanisms to effectively mitigate their risk.

The Kantara Consent Receipt is now available (January 2018) in draft form at https://groups.google.com/forum/#!topic/wg-infosharing/553qIdgaq0o

REFERENCES

Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx

APPLIES TO ACTIVITIES

REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION

KEYWORDS

CHANGES, CONSENT, NOTICE, PRIVACY, PURPOSE

APPLIES TO ROLES

1 - RELYING PARTIES
2 - IDENTITY PROVIDERS
3 - Attribute Providers
4 – Intermediaries
5 - Credential Service Providers (where there is user interaction)



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |