...

Data Governance Adequacy & Transparency Performance

...

Metrics

Editors: Sharon Polsky, Mark Lizar

...

The ANCR specification provides a mechanism to implement legal and technical standards for transparency that supersede ‘terms and conditions’, ‘user licenses’, ‘privacy policies’ and ‘data sharing agreements’. It specifies an active technical object for managing the rules governing data and its consented exchange.

Specification Components

This introduction uses a record of processing based on ISO/IEC 29100 to illustrate how the ISO/IEC 29184 controls are applied to assess the performance of that record.

...

The Notice Record is specified for generating operational transparency using the controls in ISO/IEC 29184 Online privacy notices and consent, and is evidenced with anchored notice and consent receipts. [ISO/IEC 29184, Annex B]

Why was this specification written?

An internationally standardized notice and consent record information structure lets a PII Principal generate records independently of the PII Controller, and hold, control and manage those records, including the means to withdraw consent, separately from any access the PII Controller grants. This specification is proposed to capture, measure, and standardize the transparency of PII Controllers’ security and privacy practice through the entire lifecycle of personal information collected from a PII Principal.

Why Operational Transparency?

Standardized digital notice is a stepping stone to operational privacy and is required to scale human-to-system (electronic) consent online. The record is provided by default, using standard digital identifier governance defaults, and is designed for self-sovereign, human-centric transparency and interoperability between people and systems.

The notice record information structure is specified in this document using the ISO/IEC 29100 Privacy framework, which is a publicly available standard provided at no cost. ISO/IEC 29100 is used in this specification to measure the performance of transparency using the controls, and the consent notice receipt, specified in ISO/IEC 29184.

What should you expect to find in this document?

This ANCR WG specification introduces a method to capture a Notice and verify its credential. It specifies with what, and how, a PII Principal can capture a Record of Notice and use it to assess digital transparency and the state of security. The specification also describes the three (3) transparency performance indicators (TPIs) used to demonstrate how a minimum notice record information structure can produce a record that the PII Principal holds, controls, and manages in order to control their personal information, namely:

  1. The PII Controller Identity and privacy contact point

  2. The Accessibility of PII Controller Identity and Contact information,

  3. The Security and Integrity of the PII Controller’s Transparency

The ANCR Notice Record is specified for PII Principals, using terms, semantics and laws that champion the legal utility of data control and its management. It therefore represents a shift in the architecture of digital identity semantics towards legal semantics specific to human-centric transparency, usability, and control.

For this purpose, the ANCR record is first specified as a single-use record that the Individual controls with three transparency performance indicators. It is defined as a single-use record so as to generate a record the Individual can own, control and trust. The TPIs provided here are specified to give transparency over data control and its human-centred, decentralized data governance (specified as Operational Transparency).

Notice Record

The Notice Record is first specified as a static, one-time use notice record that is created by the PII Principal and used to initiate a state of operational transparency in context measured by access to, and performance of, rights.

Diagram 1: Notice Record

Table 1: Single Use Notice Record: PII Controller Identity and Contact Transparency Report

Field Name                             | Field Description                                                  | Requirement (MUST, SHALL, MAY) | Field Data Example
---------------------------------------|--------------------------------------------------------------------|--------------------------------|---------------------------------------------------
Notice Location                        | Location the notice was read/observed                              | MUST                           | www.walmart.com
PII Controller Name                    | Name of the presented business                                     | MUST                           | Walmart
Controller Address                     | The physical address of the controller and/or accountable person   | MUST                           | 1940 Argentina Road, Mississauga, Ontario L5N 1P9
PII Controller Contact Type            | Contact method for correspondence with the PII Controller          | MUST                           | Email, phone
PII Controller Correspondence Contact  | General contact point                                              | SHALL                          | privacy@org.com
Privacy Contact Type                   | The contact method provided for access to the privacy contact      | MUST                           | email
Privacy Contact Point                  | Location/address of the privacy contact point                      | MUST                           | org.com/privacy.html
Session Certificate                    | A certificate for the monitored practice                           | MAY (optional)                 | TLS (SSL) certificate security and transparency

Anchoring the Notice Record for Trust

The record identifier, when added to each record, provides an anchor for the notice record in the first instance. The Anchored Notice Record can be extended for use as a ‘trust anchor’ for the PII Principal by adding an ANCR Record ID that the PII Principal can use to track the PII Controller and the data processing and digital identity relationship over time. In this way an Anchored Notice Record is a gateway to scale consent online and internationally.1

Notice Record Transparency Performance Indicators

Diagram 2: Transparency Performance Indicators

...

The first two (2) performance indicators measure the transparency of the ‘provided’ PII Controller Identity information. They are required to measure how accessible the provided PII Controller Identity information is, before or at the time of data processing, which is a condition of governance adequacy and privacy compliance for all digital identifier-based processing activities used to develop data profiles. An ANCR Record of a data processing activity in this way provides evidence to demonstrate security and privacy compliance.

Once the capacity for digital privacy is ascertained, the third performance indicator can be used to measure the security certificate (or key) for its contextual integrity for the specific session and processing context.

TPI 1: PII Controller Identity and Contact Transparency

Assess whether the information required for transparency over who is in control of the notice is ‘provided’.

The MUST fields are the elements that legislation requires to be present.

TPI 2: Transparency Accessibility

How accessible is the PII Controller and Privacy Contact information?

For example, in the context of a website or a mobile device, how difficult was it to access the ‘provided’ information. How many clicks, or screens, away is the required information?

TPI 2–Example — Accessibility Measurement Rating

This transparency accessibility rating score of [+1, 0, -1 or -3] reflects the number of steps, screens, or clicks required to find the ‘provided’ information within the mobile application or webpage providing the client user interface.

Table 2: Transparency Accessibility Rating description

Rating | Description                                                                              | Instruction
-------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------
+1     | Controller identity is embedded as a credential linked to authoritative registries.      | The PII Controller credential is displayed in a standard, machine-readable format and linked, for example, in an HTTP header in a browser.
0      | PII Controller identity is prominently displayed on first view, prior to processing.    | The PII Controller identity or credential is provided in the first notice.
-1     | The privacy signal is not presented first but is linked, one click and screen away.     | The Controller identity, or the screen carrying it, is one screen and click away; for example, the privacy policy link in the footer of a webpage.
-3     | The identity or credential is two or more screens of view away.                         | The PII Controller identity is not accessible enough to be considered ‘provided’.

TPI 3: Certificate (and/or Key) Security Transparency

This security performance indicator requires that the notice record session certificate is collected and used to check whether the PII Controller Identity information is the same as, or linked to, the controlling entity named in the associated security certificate. For example, does the TLS certificate (formerly SSL, Secure Sockets Layer) identify the Controller, and is it bound to the expected DNS name, locality and corresponding jurisdictional information (a ZPN-required digital security-for-privacy measure that implements international governance interoperability with legal adequacy for eConsent)?

Certificate status, and transparency performance, are used to establish session security prior to the collection, use and processing of PII. The security TPI is used to measure the certificate and/or cryptographic keys for a specified organizational unit to corroborate and validate the PII Controller’s digital integrity. Note that a domain-validated certificate carries no organisation name at all, which is a different finding from an organisation name that does not match, and that publicly trusted TLS certificates issued since September 2022 no longer contain an organizational unit (OU) field, so the organization (O) and, for EV certificates, jurisdiction attributes are the fields available for this comparison.

Table 2: Notice Record TPI Report

Field Name                  | Field Description                                          | Requirement (MUST, SHALL, MAY) | TPI 1 (Available / Not Available) | TPI 2 (Rate: +1, 0, -1, -3) | TPI 3 Certificate or Key (CN match / OU match / Jurisdiction match, optional)
----------------------------|------------------------------------------------------------|--------------------------------|-----------------------------------|-----------------------------|--------------------------------------------------------------------------------
Notice Location             | Location the notice was read/observed                      | MUST                           | Present                           | +1                          | Found
PII Controller Name         | Name of the presented organization                         | MUST                           | Present                           | 0                           | Match
PII Controller Address      | Physical organization address                              | MUST                           | Present                           | 0                           | No match
Privacy Contact Point       | Location/address of the privacy contact point              | MUST                           | Present                           | +1                          | No match
Privacy Contact Method      | Contact method for correspondence with the PII Controller  | MUST                           | Present                           | -1                          | No match
Session Key or Certificate  | A certificate for the monitored practice                   | MUST                           | Present (or Not found)            | +1 (or -3)                  | Present (or No security detected)

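The three indicators described above, and the report layout of Table 2, carried through as an added worked example. This is illustrative code written for this page, not ANCR WG or Kantara code: the record field names, the `controller_country` field used for the optional jurisdiction check, the click-depth input for TPI 2, and the sample record and certificates are all assumptions constructed for the example. The certificate is taken in the dictionary layout that Python's `ssl.SSLSocket.getpeercert()` returns, so the same functions can be run on a live session's certificate; the long name `jurisdictionCountryName` is assumed to be what OpenSSL reports for the EV jurisdiction attribute. The example deliberately reports "Absent" rather than "No Match" when a certificate carries no organisation at all, since a domain-validated certificate asserts nothing about who the controller is.

```python
import re

# Field names are this example's own; Table 1 marks these fields MUST.
MUST_FIELDS = (
    "notice_location", "controller_name", "controller_address",
    "controller_contact_type", "privacy_contact_type", "privacy_contact_point",
)
_LEGAL_SUFFIX = re.compile(r"\b(inc|incorporated|llc|ltd|limited|corp|corporation|plc|gmbh)\b")


def tpi1_presence(record):
    """TPI 1: report whether each MUST field is 'provided' (non-empty) in the record."""
    return {f: "Present" if str(record.get(f, "")).strip() else "Not Available"
            for f in MUST_FIELDS}


def tpi2_rating(click_depth, machine_readable=False):
    """TPI 2: map the clicks/screens needed to reach the controller identity onto the
    Table 2 scale. click_depth=None means the identity was never found."""
    if click_depth is None or click_depth >= 2:
        return -3                          # two or more screens away: not 'provided'
    if click_depth == 1:
        return -1                          # one click away, e.g. a footer privacy link
    return 1 if machine_readable else 0    # on first view; +1 if a linked credential


def _normalize_org(name):
    """Compare organisation names ignoring case, punctuation and legal suffixes."""
    words = re.sub(r"[^a-z0-9]+", " ", name.lower())
    return " ".join(_LEGAL_SUFFIX.sub(" ", words).split())


def _host_matches(host, pattern):
    """RFC 6125-style name match: exact, or one wildcard covering the left-most label."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        h, p = host.split("."), pattern.split(".")
        return len(h) == len(p) and h[1:] == p[1:]
    return host == pattern


def _subject_attrs(peercert):
    """Flatten the ((('key', 'value'),), ...) subject layout used by getpeercert()."""
    attrs = {}
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            attrs.setdefault(key, value)
    return attrs


def tpi3_certificate(record, peercert):
    """TPI 3: check the session certificate against the notice's controller identity."""
    attrs = _subject_attrs(peercert)
    host = re.sub(r"^https?://", "", record["notice_location"]).split("/")[0]
    names = [v for k, v in peercert.get("subjectAltName", ()) if k == "DNS"]
    if "commonName" in attrs:
        names.append(attrs["commonName"])
    org = attrs.get("organizationName") or attrs.get("organizationalUnitName")
    if org is None:
        org_match = "Absent"               # DV certificate: no organisation to corroborate
    elif _normalize_org(org) == _normalize_org(record["controller_name"]):
        org_match = "Match"
    else:
        org_match = "No Match"
    country = attrs.get("jurisdictionCountryName") or attrs.get("countryName")
    if not record.get("controller_country"):
        jurisdiction = "Not Assessed"      # optional column in the report
    elif country is None:
        jurisdiction = "Absent"
    else:
        jurisdiction = "Match" if country.upper() == record["controller_country"].upper() else "No Match"
    return {"cn_match": any(_host_matches(host, n) for n in names),
            "org_match": org_match,
            "jurisdiction_match": jurisdiction}


def tpi_report(record, peercert, click_depth, machine_readable=False):
    """Assemble the single-use Notice Record TPI report; no certificate = no security detected."""
    return {"tpi1": tpi1_presence(record),
            "tpi2": tpi2_rating(click_depth, machine_readable),
            "tpi3": tpi3_certificate(record, peercert) if peercert else "No Security Detected"}


# Constructed sample inputs: a fictional controller and two fictional certificates.
RECORD = {
    "notice_location": "https://www.shop.example/privacy",
    "controller_name": "Example Retail Inc.",
    "controller_address": "1 Example Street, Toronto, Ontario",
    "controller_country": "CA",
    "controller_contact_type": "email",
    "privacy_contact_type": "email",
    "privacy_contact_point": "privacy@shop.example",
}
EV_CERT = {  # organisation-validated style subject, as getpeercert() would present it
    "subject": ((("countryName", "CA"),), (("stateOrProvinceName", "Ontario"),),
                (("organizationName", "Example Retail, Inc."),),
                (("commonName", "www.shop.example"),)),
    "subjectAltName": (("DNS", "www.shop.example"), ("DNS", "shop.example")),
}
DV_CERT = {  # domain-validated wildcard: no organisation identity at all
    "subject": ((("commonName", "*.shop.example"),),),
    "subjectAltName": (("DNS", "*.shop.example"),),
}

if __name__ == "__main__":
    print(tpi_report(RECORD, EV_CERT, click_depth=0))
    print(tpi_report(RECORD, DV_CERT, click_depth=1))
```

Against the constructed inputs the organisation-validated certificate scores a CN match, an organisation match and a jurisdiction match, while the wildcard DV certificate still matches the host but returns "Absent" for both organisation and jurisdiction, which is the distinction a reviewer needs before recording "No Match" in the TPI 3 column.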
...