Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Introduction 

A best practice outline: For composing a notice and or notification to a person.

Layering, a summary and a detailed explanation of the Notice or Notification, referencing required legal elements for a notice as defined by law, industry practice, or legal requirements. 

Notice as an anchor framing  data sharing interaction between a person and an entity. It is the first notification governing the processing of personal data, which references the legal authority for the treatment of person data and through the lifecycle of the Notice.    

  • We go through the process of turning an exemption into a Notice Record, with Common Accord,
    • then creating a Consent Record using this Notice Record,

Problem Scenario

  • Covid - there is a lack of transparency over the control of person data and its disclosure which makes it difficult for people to trust and understand what is happening with their data and how it might impact them 
  • We look at some of the Notifications used for processing personal data for the Covid Pandemic 
  • Vital Public  Interest - Emergency Health 

  • Questions

    • disclosures - 
    • exit - how do we get the data back - or see it protected, 
    • or see when its used
  • Related:
    • EMT Scenario;  is a relative use case  -  where authority of State, is represented by  Dr. in County - for  EMT to break glass - to protect  the vital interests of the individual - they get authority to them in context - to go to 3rd parties and provide authority to ask for data 

Proposed Improvements

Solution Scenario

  1.  requirements for a Notice receipt,  
  • Notice Link
  • entities
    • delegation
  • purpose specification
  • purpose categories
  • Termination
  • use specification 
    • TTL
  • attribute specification

  • a signature 

    • keys

2. Creating a Consent Record 

3.  Create a Personal Data Processing Contract

Solution Flow

This scenario uses classic UMA. See the swimlane diagrams for details.

  • From a Covid Notice -
    • create a consent record 
    • control of the consent record, and use it to generate a notification to gain transparency over processing.
  • From the Consent Record
    • Create a Consent Scope, and a Data Processing Contract for the consent.
    • Refer to Toms Consent Binding
    • Create this contract type record and attach it to the consent record and link to the notice. . 

Developing Demonstration Solutions

  • No labels