Privacy Best Practice A
<< Back to Baseline Functional Requirements Index
PRIVACY-BP-A. RECOMMENDED QUALITY CONTROLS
Entities SHOULD determine the necessary quality of personal information used in their digital identity management functions based on the risk of those functions and the information, including risk to the USERS involved.
Entities obtaining personal information about a USER may have multiple ways to obtain the necessary data, or to assure its quality (generally, its accuracy, detail, timeliness or authoritative source). Some of those choices may be less invasive, or create less risk of USER privacy loss, than others. Additionally, some may result in higher- or lower-quality accuracy of the data. Entities SHOULD consider the effects of these choices on the USER whose personal information is being collected and used.
In the absence of formal data quality standards, entities SHOULD consider the timeliness, completeness, accuracy, and sources of data when evaluating the quality of personal information. These goals may be most easily implemented in system design, when identity management systems are being designed or renovated.
Further reference materials to aid organizations interested in conforming to these Requirements or best practices can be found at the wiki page Supplemental Privacy Guidance; this has been archived as of October 2015 at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx