
These TPIs are designed to quickly measure operational performance, compliance, and trustability of publicly required digital service information.

TPIs are recorded with a Notice Record; fully filled in, it is usable as a Controller Credential, which is used to generate a Consent Receipt.[1] This specification introduces a standardized record format for the capture of attributes that are required by law for the legal and trustworthy processing of personal identifiers.

The format is defined with the ISO/IEC 29100 security and privacy techniques framework. This format is used to collect identifier and session-based attributes, notice, notification, and disclosure text mapped directly to the analogue (brick and mortar) legal requirements. We present here that standardized TPI creation process and how it can be used to complement, and in fact necessarily precede, (any) identifier creation workflow.

The Notice Record format can also be used to measure conformance with the ISO/IEC 29184 Online privacy notice and consent standard (2020), in which the Consent Notice Receipt is provided in Annex B.

The use of the associated notices, receipts and records dramatically improves the security of personal data control, significantly increasing transparency, including importantly for the individual. It also greatly improves the scale and effectiveness of cyber physical security and digital privacy through the decentralized authority inherent in the Notice Record.

This specification is offered as a contribution to the ISO/IEC SC27 WG5 body of work, as it extends the ISO/IEC 29100 privacy and security framework into operational trust applications.

The Notice Record, generated from TPIs, enables operational ‘online’ transparency guided by the use of the controls in ISO/IEC 29184 Online Privacy Notices and Consent. This can be further evidenced with an anchored notice and mirrored (digitally twinned) notice consent receipts [again ISO/IEC 29184, Appendix B], which can again be generated from a Notice Record.

Why was this specification written?

TPIs aim to help standardize digital transparency and dramatically improve the safety, security, and usability of digital transparency for people. They do so by providing a set of metrics to quickly assess if and how operational digital privacy is operating at the moment.

Currently, there is no way for people to see who is tracking them and how digitally exposed people are in context. With data control, access, and privacy rights requests requiring a 30 day response time, TPIs indicate if the digital information provided upon contact with a digital service is capable of meeting this basic requirement and capable of dynamic data access and controls.

Digital transparency around the why, who, and where behind a data request is as important as security and privacy of identifiers and attributes. Without standardized digital transparency it is difficult if not impossible to make decisions about the creation and subsequent necessary monitoring of personal data and digital identifiers.

The TPIs are a step to where people have the insights to exercise access controls, and to use rights to create and control their own records of digital identity relationships, in a meaningful or operational manner.

Why Transparency Performance Indicators?

TPIs provide a way to quickly see if digital privacy and/or security measures are in place, and in line with human, legal and analogue requirements the Individual can understand and expect.

The TPIs are designed from legal and social research with business, operational, legal, technical, and social dimensions and considerations. Through the implementation and capture of records for legal proof of notice (shared knowledge and understanding), the TPIs set the stage (allow to follow in the workflow) for digital consent with receipts. These receipts can then be used to provide people with their own evidence of notice, data, and records.

TPIs capture the corresponding human-readable digital representations of physical/human requirements for digital transparency and, when required, digital consent, as well as other justifications or requirements for processing.

The 4 indicators specified provide a record that can then be used to ANCR (“anchor”) the digital identity relationship with the organization, creating a basis and foundation for higher levels of digital transparency assurance. [2]
