Privacy Req 12
Wherever feasible, entities MUST utilize identity systems and processes that enable transactions that are anonymous, anonymous with validated attributes, pseudonymous, or where appropriate, uniquely identified. Where applicable to such transactions, entities employing service providers or intermediaries MUST mitigate the risk of those THIRD-PARTIES collecting USER personal information. Organizations MUST request individuals’ credentials only when necessary for the transaction and then only as appropriate to the risk associated with the transaction or only as appropriate to the risks to the parties associated with the transaction.
In support of legal, policy or personal requirements for anonymous or pseudonymous USER participation, digital identity management functions and systems should permit anonymous and (persistent across sessions) pseudonymous registration and participation, where required by law or otherwise feasible. To further facilitate that goal, identifiers and personal data (including attributes) should be kept separate wherever feasible: see PRIVACY-4 (CREDENTIAL LIMITATION) and PRIVACY-15 (ATTRIBUTE SEGREGATION).
See INTEROP-6 (THIRD-PARTY COMPLIANCE) on the mitigation of risks associated with third-party service providers or data users.
See PRIVACY-5 (DATA AGGREGATION RISK) regarding the risk of collecting additional information.
See PRIVACY-13 (CONTROLS PROPORTIONATE TO RISK) regarding the implementation of controls to mitigate identified privacy risk.
See PRIVACY-11 (OPTIONAL INFORMATION) regarding availability of user choices regarding optional disclosure of personal information.
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx
APPLIES TO ACTIVITIES