Privacy Req 2

From IDESG Wiki
Jump to: navigation, search

<< Back to Baseline Functional Requirements Index

PRIVACY-2. PURPOSE LIMITATION

Entities MUST limit the use of personal information that is collected, used, transmitted, or stored to the specified purposes of that transaction. Persistent records of contracts, assurances, consent, or legal authority MUST be established by entities collecting, generating, using, transmitting, or storing personal information, so that the information consistently is used in the same manner originally specified and permitted.

SUPPLEMENTAL GUIDANCE

Regarding "personal information", see Appendix A. Entities should also assure that their data controls reliably apply these limitations to their future actions.

See also Requirement PRIVACY-1 (DATA MINIMIZATION) on the application of limitations to, and scope of, individual transactions and data exchanges.

Please note the applicability of best practice INTEROP-BP-G (RECOMMENDED LEGAL COMPLIANCE) regarding limitations imposed by laws. Please note the applicability of best practice INTEROP-BP-F (RECOMMENDED FEDERATION COMPLIANCE) and Requirement INTEROP-6 (THIRD-PARTY COMPLIANCE) regarding limitations arising from the involvement of THIRD-PARTIES such as intermediaries, similar service providers, or FEDERATIONS.

See the IDESG Functional Model for definition of Transaction Intermediation for the scope of “intermediaries.” The functional model describes Transaction Intermediation as “Processes and procedures that limit linkages between transactions and facilitate credential portability. This includes functions defined as “Blinding,” “Pseudonymization/Anonymization,” and “Exchange.”

Supplemental Information

Contracts, assurances or persistent records of consent or legal authority MUST be established by entities collecting, using, transmitting or storing personal information, so that the information, when passed between entities, is still used in the same manner as originally specified and permitted. Entities also must assure that their data controls reliably apply these limitations to their future actions.

Please note the applicability of requirement INTEROP-7 regarding limitations imposed by laws. Please note the applicability of requirements INTEROP-6 and INTEROP-8 regarding limitations arising from the involvement of THIRD-PARTIES such as intermediaries, similar service providers, or FEDERATIONS.

References and Guidance (non-normative)

  • See ISO/IEC 29100 (2011) Privacy Framework, Section 5.3 ("Use, Retention and Disclosure Limitation") and Section 5.6 ("Purpose Legitimacy and Specification").
  • See the "minimum necessary" disclosure standard in HIPAA regulations for health care transactions, 45 CFR Part 164, at §§ 164.502(b) and 164.514(d): http://www.ecfr.gov/cgi-bin/text-idx?node=pt45.1.164&rgn=div5
  • See also the Fair Information Privacy Principles: "Organizations should use PII solely for the purpose(s) specified in the notice. Sharing PII should be for a purpose compatible with the purpose for which the PII was collected." http://www.nist.gov/nstic/NSTIC-FIPPs.pdf
  • See OASIS Privacy Management Reference Model (PMRM) v1.0: Section 4.2 ("Service Details").
  • See Privacy & Biometrics: Building a Conceptual Foundation: Data [p46],Audit [p47], and Storage [p47].


REFERENCES

Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx


APPLIES TO ROLES

RELYING PARTIES
IDENTITY PROVIDERS
Attribute Providers
Intermediaries
Credential Service Providers (where there is user interaction)


APPLIES TO ACTIVITIES

REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, INTERMEDIATION

KEYWORDS

LIMITATION, PRIVACY, PURPOSE



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |