How does this project fit with the strategy?Information Sharing Interoperability Charter This is input from the V2 effort into th framework effort. Interoperability, Consent and privacy regulations separate (or different) from contact and tort privacy regulations and contracts use separate law for Data Governance. For consent to scale to organisations need contracts for processors, and suppliers. Contracts that translate into access controls that scale. For example. transparency for an entire supply chain with personal data processing records, which produce a receipt to provide autonomous transparency up and downstream. Providing a systems with the capacity to generate human trust, because people can see that they can excercise control. : Consent For Information Sharing & interoperabilityInteroperability Proposal | TeamProject owner: Mark Lizar (Unlicensed) Team members Invited: Developing a single use case example: providing the focus of interop activities amongst projects in Kantara | Status
Proposed call - every second week starting in March see purpose use record project Personal Data Use Receipt Framework |
Problem space | |
---|---|
Why are we doing this?For consent to scale, organisations need contracts for processing by third parties, and subsequent sub-processing. When things change in the data processing supply chain, there are contexts when both the controller and the individual need transparency over sharing, disclosure or access to personal information. (types of data portability) Objective Measure
| Problem statementFor personal data control, the consent record provides a staring point with the person's consent as the point of providence for personal data; disclosure, sharing and access by systems. Depending on the context the type of information flow needs to be employed. Beyond consent, there is a need for a personal data processing receipts for contract based data governance framework to be interoperable with consent. The solution to this problem needs to take into account multiple types of consent, and multiple data processing statutes in a single context, and even multi-state syncing, which is done by the individual themselves, to be able to control personal data in context. Impact of this problemHuman to service, rather than service to human approach to data control is a critical issue. Lack of usable Consent, to prove and control personal data prevents people form using consent to control personal data once permission for access, sharing and disclosure has been provided. |
How do we judge success? | This project will be a success when it has created: |
What are possible solutions? |
|
Validation | |
---|---|
What do we already know? | |
What do we need to answer? |
Ready to make it | |
---|---|
What are we doing? | A single use case for |
Why will a customer want this? | |
Visualize the solution | |
Scale and scope |
Learn more: https://www.atlassian.com/team-playbook/plays/project-poster
...