...
This section describes the creation and use of the ISO/IEC 29100 Privacy Framework for processing (personal) data, and illustrates the use of ISO/IEC 29184 controls to assess the performance of this record. The associated notice controller credential and its associated record are regulated by international privacy laws, principles and standards. Because the record is based on the ISO/IEC 29100 Security and Privacy Framework, the record and its associated data fields provide a globally binding and standardized governance framework for creating records. Importantly, it provides the transparency legally required for trustworthy ‘consented data access’ and for adequate international data transfers, and it can also provide an opportunity to implement a low-cost digital (twin) record and receipt mechanism. The use of the associated notices, receipts and records dramatically improves the security of personal data control and significantly increases transparency, and as a result greatly improves the scale and effectiveness of cyber physical security and digital privacy.
...
TP1 requires monitoring the technical endpoint to see if PII is captured in relation to when a notice is provided. This measures the notice's regulatory performance against legal and human usability requirements.
TPI 2: PII Controller: Required PII Controller Data Transparency
...
Rating | Description | Instruction |
---|---|---|
+1 | Controller identity is embedded as a credential linked to authoritative registries. | PII Controller credential is displayed using a standard format with machine-readable language and is linked, for example, in an HTTP header in a browser |
0 | PII Controller Identity prominently displayed on first view – prior to processing first page of viewing, the assessment question would be | PII Controller Identity or credential is provided in first notice |
-1 | Privacy signal is not first presented, but is linked and one click and screen away | The Controller Identity, or a screen with the Controller Identity, is one screen and click away. For example, the privacy policy link in the footer of a webpage |
-3 | Identity or credential is two or more screens of view away | PII Controller Identity is not accessible enough to be considered ‘provided’ |
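
One way to apply the rating scale above to a crawled model of a site, shown as an added example that is not part of the original specification. The page model, the `shows_identity` flag, the `page` helper and the header name are assumptions made for illustration.

```python
from collections import deque

# Hypothetical header name: the page mentions "an HTTP header" but names none.
CREDENTIAL_HEADER = "x-example-controller-credential"

def clicks_to_identity(site, start):
    """BFS over the link graph: clicks from the first screen to the nearest
    screen that shows the PII Controller identity (None if unreachable)."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        url, depth = queue.popleft()
        node = site.get(url)
        if node is None:                  # dangling link, nothing to inspect
            continue
        if node["shows_identity"]:
            return depth
        for nxt in node["links"]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, depth + 1))
    return None

def rate_tpi2(site, start="/"):
    """Map what the first view exposes onto the rating scale in the table."""
    headers = {name.lower() for name in site[start]["headers"]}
    if CREDENTIAL_HEADER in headers:
        return 1     # credential present in machine-readable form (its link
                     # to an authoritative registry is not verified here)
    clicks = clicks_to_identity(site, start)
    if clicks == 0:
        return 0     # identity provided in the first notice
    if clicks == 1:
        return -1    # one screen and click away, e.g. a footer privacy link
    return -3        # two or more screens away; unreachable is scored the
                     # same way (assumption, the table has no row for it)

def page(shows_identity=False, links=(), headers=None):
    return {"shows_identity": shows_identity, "links": list(links), "headers": headers or {}}

# Constructed sample sites, not real measurements.
FIRST_NOTICE = {"/": page(shows_identity=True)}
FOOTER_LINK = {"/": page(links=["/shop", "/privacy"]),
               "/shop": page(links=["/"]),
               "/privacy": page(shows_identity=True)}
BURIED = {"/": page(links=["/legal"]),
          "/legal": page(links=["/legal/contact"]),
          "/legal/contact": page(shows_identity=True)}
HEADER = {"/": page(headers={"X-Example-Controller-Credential":
                             "https://registry.example/controller/1"})}
```
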
...