Privacy Req 5 Supplemental Guidance
Jump to navigation
Jump to search
Error creating thumbnail: File missing |
This article is under construction and should not be considered complete.
Last modified by Omaerz |
<< Back to Privacy Requirement 5
These links are provided as additional informative resources relevant to parties conducting self-assessments (and other identity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-5.
Supplemental Information
Collection of personal information from repeated data transactions, which can be associated to form a larger body of knowledge about individuals, increases their privacy risk if the aggregated data exceeds the amount and nature needed for the original purposes of collection.
References and Guidance (non-normative)
- PbD De-identification Center, https://www.privacybydesign.ca/index.php/de-identification-centre/
- See also the definition of "data aggregation" in § 164.501, and the discussions about the use of identified versus de-identified data in § 164.514(a),(b) and § 164.502(d), of the HIPAA regulations for health care transactions, 45 CFR Part 164: http://www.ecfr.gov/cgi-bin/text-idx?node=pt45.1.164&rgn=div5
- See OASIS Privacy Management Reference Model (PMRM) v1.0: Section 4.2 ("Service Details").