PEMC Requirements Status Report

I prepared this from the requirements so far entered into our confluence page. It is worth noting:

We have no requirements yet where AQ (Accuracy and Quality), IA (Individual access & participation), or PS (Privacy compliance) are the primary considerations. This suggests to me some gaps in our coverage so far.
13 of the 16 requirements apply to verifiers, which aligns with the group’s decision to focus on verifiers first.
Items 7 and 16 appear to be candidates for being merged, but note that the authors identified them with different primary considerations. Worth discussing?

#

Title

Ref

Verifiers

Issuers

Providers

Primary

CC

PL

CL

DM

UR

AQ

OT

IA

AC

IS

PS

1

Selective Data Release

1_BC_CC

FALSE

TRUE

CC

Primary

Secondary

2

Encrypted Channel Transactions

2_ABC_IS

TRUE

IS

Secondary

Primary

3

Transparency at presentment

3_C_OT

FALSE

TRUE

OT

Secondary

Primary

Secondary

4

Verifier Identification

4_A_AC

TRUE

FALSE

AC

Secondary

Primary

5

Inform users of verifier policies

5_C_PL

FALSE

TRUE

PL

Primary

Secondary

6

Verifiers must attest their use cases

6_A_UR

TRUE

FALSE

UR

Secondary

Primary

Secondary

7

Veriferes minimize collection

7_A_CL

TRUE

FALSE

CL

Secondary

Primary

Secondary

8

Context for user consent

8_A_CC

TRUE

FALSE

CC

Primary

Secondary

9

Declare Retention Period

9_A_UR

TRUE

FALSE

UR

Secondary

Primary

10

Justifialbe PII storage

10_A_UR

TRUE

FALSE

UR

Secondary

Primary

Secondary

11

Segregated Accountability

11_A_PL

TRUE

FALSE

PL

Primary

Secondary

12

Secure Storage

12_A_IS

TRUE

FALSE

IS

Primary

13

Data Subject Rights

13_A_OT

TRUE

FALSE

OT

Primary

Secondary

14

Data Registry

14_A_AC

TRUE

FALSE

AC

Primary

Secondary

15

Separate data

15_A_DM

TRUE

FALSE

DM

Secondary

Primary

16

Verifiers must only request the minimum data required for their transaction

16_A_DM

TRUE

FALSE

DM

Secondary

Primary

Secondary