Any member of the workgroup may create a candidate requirement for discussion by the group. For instructions on how to create a requirement see: Sample Requirements
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
| Candidate | - Type your task here, using "@" to assign to a user and "//" to select a due date
| 5 | Verifiers shall request user consent prior the transmission of their PII. User consent shall be requested in a clear and comprehensible way. If PII are disclosed for different purposes, the specific PII and respective purposes shall be displayed to the user. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Yellow- Type your task here, using "@" to assign to a user and "//" to select a due date
| 6 | Verifiers shall state a retention period for PII in their consent request. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
- CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| YellowCandidate | - Type your task here, using "@" to assign to a user and "//" to select a due date
| 7 | Verifiers shall not store any PII when it is not required for the provision of their services. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| | Status |
|---|
| colour | Yellow |
|---|
| title | Candidate |
|---|
|
| - Type your task here, using "@" to assign to a user and "//" to select a due date
| 8 | Verifiers shall not fall into collusive practices with Issuing Authorities or other Verifiers for user re-identification. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| | Status |
|---|
| colour | Yellow |
|---|
| title | Candidate |
|---|
|
| - Type your task here, using "@" to assign to a user and "//" to select a due date
| 9 | Verifiers shall adopt appropriate measures to ensure security of stored PII. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| | Status |
|---|
| colour | Yellow |
|---|
| title | Candidate |
|---|
|
| - Type your task here, using "@" to assign to a user and "//" to select a due date
| 10 | Verifiers shall guarantee appropriate means to ensure that user can access and request the erasure of their PII. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| | Status |
|---|
| colour | Yellow |
|---|
| title | Candidate |
|---|
|
| - Type your task here, using "@" to assign to a user and "//" to select a due date
| 11 | Verifiers shall maintain appropriate registries and ensure access to Law Enforcement Authorities for accountability purposes. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| 12 | Verifiers shall not combine any PII for the purpose of re-identifying the data subject, unless specifically informed and justified. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| 13 |
|---|
Created by an author but not yet ready for review by the Work Group | The author is ready for the requirement to be reviewed by the Work Group | The requirement is under review by the Work Group | The requirement has passed the initial Work Group review and can be included as a draft requirement (provisionally accepted) | The requirement will not be included as a draft requirement |