Versions Compared

Old Version 7

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version Current

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction 

A best practice outline: For composing a notice and or notification to a person.

Layering, This is the first of 3 use cases, generating a receipt from a notice or notification to the person.  In this use case we use Covid processing as a starting point, and the legal justification for processing medical testing data, with the objective of looking at how the individual (and org) can provide a receipt for this Notice, which a person can then use to send a notification to the organisation processing personal data.  

In this use case, we are looking at : 

  • Layering a summary and a detailed explanation of the Notice or Notification, referencing required legal elements for a notice as defined by law, industry practice, or legal requirements. 
    • Creating a Notice Record
      • Notice as an anchor framing

...

      • the person data processing between a person and an entity.

...

      • A Notice refers to the first notification governing the processing of personal data, which references the legal authority for the treatment of person data and through the lifecycle of the Notice and Consent

...

  • We go through the
      • Creating a Notice Receipt 
    • Walking through working with Common Accord for Notice, receipt or/and contract.
      • Walk through a process of turning an exemption into a Notice Record, with Common Accord,
        • then creating a Consent Record using this Notice Record,

Problem Scenario

  • Covid - there is a lack of transparency over the control of person data and its disclosure which makes it difficult for people to trust and understand what is happening with their data and how it might impact them 
  • We look at some of the Notifications used for processing personal data for the Covid Pandemic 
  • Vital Public  Interest - Emergency Health 

  • Questions

    • disclosures - 
    • exit - how do we get the data back - or see it protected, 
    • or see when its used
  • Related:
    • EMT Scenario;  is a relative use case  -  where authority of State, is represented by  Dr. in County - for  EMT to break glass - to protect  the vital interests of the individual - they get authority to them in context - to go to 3rd parties and provide authority to ask for data 

...

  1.  requirements for a Notice receipt,  
  • Notice Link
  • entities
    • delegation
  • purpose specification
  • purpose categories
  • Termination
  • use specification 
    • TTL
  • attribute specification

  • a signature 

    • keys

2. Creating a Consent Record 

3.  Create a Personal Data Processing Contract

Solution Flow

This scenario uses classic UMA. See the swimlane diagrams for details.

...