Privacy Best Practice C
<< Back to Baseline Functional Requirements Index
PRIVACY-BP-C. RECOMMENDED CONSEQUENCES OF DECLINING
This recommendation builds on and improves the mandate in Requirement PRIVACY-11 (OPTIONAL INFORMATION).
Regarding "personal information," see Appendix A and PRIVACY-1 (DATA MINIMIZATION). See also the IDESG Usability Requirements (USABLE-1 through USABLE-7) regarding the clarity of notices given to USERS and others.
If personal information is requested from USERS during registration that is optional, that designation should include a short and clear description justifying the request of that data.
If information collection or attribute value release is designated as mandatory, that designation should include a short and clear description of the consequences of declining to provide that information or allowing that release.
If an entity requests to release attributes values during a transaction that are the beyond the minimum necessary to complete that transaction, that release should be clearly presented as optional/a choice. That optional designation should include a short and clear description justifying the release of that data.
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx
APPLIES TO ACTIVITIES
APPLIES TO ROLES
1 - RELYING PARTIES
4 – Intermediaries