Digital Transparency : Levels of Privacy Risk Assurance (or Levels of Trust)

The anchored trust framework refers to 4 Levels of Risk Assurances, provided for in the the notice record schema. The record represents a trust framework which start with authority and assessing authoritative requirements. Creating a trust framework for public, low assurance discovery and interaction. Whereby, the individual is authoritative providing for a level which starts at self-asserted and authorized in context, without authentication required from industrial / federated identity management systems frameworks.

The DTL Levels Of Digital Transparency Assurance: 

DTL 0,  - Notice Record and Credential - Minimum viable public interest specification for an ANCR record  (also referred too as the notice controller credential) [authorized not authenticated. ] [any stakeholder can use]

...

DTL 3 - Operator (certified controller) Registrar - Industry Vertical Register - [Authorized, verified,   authenticated, risk assed as controller and service, monitored with active state (certified) data controls.]

DTL Stakeholder Types

PII Principal (designated individual)

...

PII Processor (joint processor, sub-processor)

PII Regulator

PII Notary/Referee /Notary - (delegated and decentralized co-governance roles)

What Are ANCR Records?

ANCR records are specified for public benefit and are contributed as public benefit technologies.

...

The specifications developed here are in reference to authoritative international law CoE Convention 108+ and the open ISO/IEC 29100 security and privacy techniques standard which defines the stakeholders and roles. The work has been curated to be licensed for the public benefit, to provide legal to technical framework for digital transparency. A technology and standard , personal data control and decentralizing data governance.

ANCR’d Trust Framework

1. used autonomously to validate a current session

2. notarized by a Referee

3. Verified by a Regulated & Certified 3rd Party- like a bank which is a validator and proxy access to data profiles/accounts the individual controls.

ANCR Record Specifications

1. Consent Receipt v1.1. & V2 i)

   1. A record created by a ‘privacy stakeholder’ [ref] Developed in the digital identity industry to provide people with records of Digital identity relationships, that can also be used to govern the digital relationship. Published in ISO/IEC 29184 Online privacy notice and consent, Appendix B, then adopted as basis or ISO/IEC 27560 [draft technical specification] consent record information structure.

2. Transparency Performance Indicators (TPI’s) Draft v.00

   1. Digital Transparency metrics fo indicating operational state of transparency, useful to asses contextual conformance and compliance with laws, standards and personal expectations.

3. Notice Record, (for Consent Receipts V2)

   1. this is the analogue concept of a notice record, to which a person (in a particular physical location, reads a notice and make their own record of who is control and accountable for their personal information, the core format of the consent receipt.

      1. with the addition of adding the use of a digital identifier to the notice recored, it can be used as extended to become a micro-notice credential

4. Controller Notice Credential - (V.0.1) - an open digital identity credential that a PII Principal can create independently of the service providers, defined with International and enforceable law using ISO/IEC standard framework so as to be operationally authoritative.

Extensions in development:

1. Micro-Notice Credential & Consent Token - the extension of a notice record with key and token management. A notice record stored as a micro-notice credential in an ANCR’d application can further be extended to become a consent receipt token, which is the transport format / vehicle for exchange of credential and controller information.

Acronym's, Terms and Definitions

Authentication

Authority

Authoritative

...