Privacy Req 1 Supplemental Guidance

From IDESG Wiki
Jump to navigation Jump to search
Error creating thumbnail: File missing
This article is under construction and should not be considered complete.
Last modified by Omaerz

<< Back to Privacy Requirement 1

These links are provided as additional informative resources relevant to parties conducting self-assessments (and other identity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-1.

Supplemental Information

IDENTITY PROVIDERS and RELYING PARTIES which employ intermediaries are responsible for the actions of those intermediaries on their behalf, MUST implement protocols that mitigate the risk of intermediaries collecting personal information. See INTEROP-8 and INTEROP-BP-E.

References and Guidance (non-normative)

  • See ISO/IEC 29100 (2011) Privacy Framework, Section 5.5 ("Data minimization").
  • See the HIPAA regulations for health care transactions, 45 CFR Part 164, at §§ 164.502(b) and 164.514(d): "minimum necessary" disclosure standard.
  • See AICPA/CICA Privacy Maturity Model based on GAPP [Collection 4.1.X] (chart)
  • See Privacy & Biometrics: Building a Conceptual Foundation: Data [p46], Audit [p47].