Privacy Best Practice C

From IDESG Wiki
Jump to navigation Jump to search

<< Back to Baseline Functional Requirements Index

PRIVACY-BP-C. RECOMMENDED CONSEQUENCES OF DECLINING

Entities SHOULD provide short, clear notice to USERS of the consequences of declining to provide mandatory and optional personal information.

SUPPLEMENTAL GUIDANCE

This recommendation builds on and improves the mandate in Requirement PRIVACY-11 (OPTIONAL INFORMATION).

Regarding "personal information," see Appendix A and PRIVACY-1 (DATA MINIMIZATION). See also the IDESG Usability Requirements (USABLE-1 through USABLE-7) regarding the clarity of notices given to USERS and others.

If personal information is requested from USERS during registration that is optional, that designation should include a short and clear description justifying the request of that data.

If information collection or attribute value release is designated as mandatory, that designation should include a short and clear description of the consequences of declining to provide that information or allowing that release.

If an entity requests to release attributes values during a transaction that are the beyond the minimum necessary to complete that transaction, that release should be clearly presented as optional/a choice. That optional designation should include a short and clear description justifying the release of that data.

REFERENCES

Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx

APPLIES TO ACTIVITIES

REGISTRATION, AUTHORIZATION

KEYWORDS

CHOICE, LIMITATION, NOTICE, USABILITY

APPLIES TO ROLES

1 - RELYING PARTIES
4 – Intermediaries



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |