...

Transparency

...

Trust Metrics

Editors: Sharon Polsky, Mark Lizar

...

Introduction

This introduction demonstrates the use of a 29100 record for processing to illustrate the use of 29184 controls to assess performance of this record.

The ANCR Record specification introduces three (3) transparency performance indicators (TPIs) that an Individual can use to assess an organization’s transparency — how it collects, uses, and discloses Personally Identifiable Information — before electing to provide their personally identifiable information or authorize its collection, use, processing, or disclosure.

TPI 1 – Notice of Identity of Controller

TPI 2 – Accessibility of Notice

TPI 3 – Security Certificate (or key) of Notified Controller

International laws and standards — including A notice controller credential is regulated with International version of privacy laws, principals and standards, The recored format is based on the ISO/IEC 29100 Security and Privacy Framework — are provide the international governance framework for creating records for transparency trustworthy ‘consented data access’, for adequate data transfers internationally; and provide an opportunity to implement a low-cost digital (twin) record and receipt mechanism and thus dramatically improve the security of personal data control, thereby increasing the effectiveness of cyber physical security and digital privacy.

This specification is a contribution to ongoing work at extending the work and interoperability of ISO/IEC SC27 WG5, using ISO/IEC 29100 ,  29100 privacy and security framework, in order to create a standardized Record of Processing format for generating notice records and consent receipts.

...

An internationally standardized notice and consent record information structure provides the standard controller credential provides people with digital transaprency over who controls personal data in context. Provides a public format for a PII Principal to generate records independently of the PII Controller, and to hold, control and manage, separately from the PII Controller access to withdraw consent . This specification is proposed by context for multiple services.. Standardized to capture, measure , and standardize the transparency performance of PII Controllers’ transparency, digital security and privacy practice through the entire lifecycle of personal information collected from a PII Principalactive state of digital privacy. throughout the service use life-cycle.

Why

...

Digital Transparency?

Standardized digital notice is a steppingstone to operational digital privacy and is required to scale human to system (electronic) consent online. A record that is provided by default using standard digital identifier governance defaults, designed for self-sovereign/human centric transparency and interoperability, between people and systems.

...