Privacy Best Practice A

<< Back to Baseline Functional Requirements Index

PRIVACY-BP-A. RECOMMENDED QUALITY CONTROLS

Entities SHOULD determine the necessary quality of personal information used in their digital identity management functions based on the risk of those functions and the information, including risk to the USERS involved.

SUPPLEMENTAL GUIDANCE

Entities obtaining personal information about a USER may have multiple ways to obtain the necessary data, or to assure its quality (generally, its accuracy, detail, timeliness or authoritative source). Some of those choices may be less invasive, or create less risk of USER privacy loss, than others. Additionally, some may result in higher- or lower-quality accuracy of the data. Entities SHOULD consider the effects of these choices on the USER whose personal information is being collected and used.

In the absence of formal data quality standards, entities SHOULD consider the timeliness, completeness, accuracy, and sources of data when evaluating the quality of personal information. These goals may be most easily implemented in system design, when identity management systems are being designed or renovated.

Regarding "personal information," see Appendix A and PRIVACY-1 (DATA MINIMIZATION).

REFERENCES

Further reference materials to aid organizations interested in conforming to these Requirements or best practices can be found at the wiki page Supplemental Privacy Guidance; this has been archived as of October 2015 at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx

APPLIES TO ACTIVITIES

REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION

KEYWORDS

ARCHITECTURE, DATA-INTEGRITY, LIMITATION, RISK

APPLIES TO ROLES

1 - RELYING PARTIES
2 - IDENTITY PROVIDERS
3 - Attribute Providers
4 – Intermediaries
5 - Credential Service Providers (where there is user interaction)

Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |