Open Notice Record

Version: 0.8

Document Date: Nov, 2022

Editor(s): Mark Lizar

Contributors: Sal D’Agostino

Reviewers: Sharon Polsky

Produced by: ANCR-WG

Status: WG Draft v0.8 (drafting)

1. INTRODUCTION

International laws and standards, including the ISO/IEC 29100 Security and Privacy Framework, provide the international framework for creating records of trustworthy ‘consented data access’ and for adequate international data transfers. They also provide an opportunity to implement a low-cost digital (twin) record and receipt mechanism that dramatically improves the security of personal data control, overall cyber/physical security, and digital privacy.

This specification contributes to the ongoing body of work at ISO/IEC SC27 WG5 by using ISO/IEC 29100 to create a standardized Record of Processing format for notice records and consent receipts.

The Notice Record is specified to generate digital transparency over data control, using the ISO/IEC 29184 Online Privacy Notices and Consent Receipts [ISO/IEC 29184, Appendix B].

Why was this specification written?

An internationally standardized notice and consent record information structure provides the standard for a PII Principal to generate records independently of the PII Controller, and to hold, control and manage access to withdraw consent separately from the PII Controller. This specification is proposed to capture, measure and standardize the transparency of a PII Controller’s security and privacy practice through the entire lifecycle of personal information collected from a PII Principal.

Why Digital Transparency?

Standardized digital notice is a stepping stone to operational privacy and is required to scale human-to-system (electronic) consent online. Such a record is provided by default using standard digital identifier governance defaults, and is designed for self-sovereign, human-centric transparency and interoperability between people and systems.

The notice record information structure is specified in this document using the ISO/IEC 29100 Security and Privacy Framework, which is a free and public standard. ISO/IEC 29100 is used in this specification to measure the performance of transparency using the controls, and the consent notice receipt, specified in ISO/IEC 29184.

Notice Record References

For the purposes of this specification, the following terms and definitions apply: normative terms; non-normative terms, to be used per context; and additive terms, which aid human understanding and data control.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

Notice Record Schema Specification

The ANCR notice record is fundamentally a layered record schema. The first record layer is the minimum viable notice record (MVNR) that a PII Principal can make to capture the organisation/institution that controls their personal data, as well as the accountable person liable for that legal entity. This record collects no additional data beyond what the PII Principal is required to see and understand in order to be legally informed of the risks of generating a digital identifier.

The notice record is an electronic notice document, used to initiate an electronic consent dialogue through a common, default engagement point that the PII Principal can expect, and trust, in each data processing session.

Trust is predicated on a notice record providing the digital transparency and security assurances inherent to the creation and use of records and receipts.

What should you expect to find in this document?

This ANCR WG specification introduces a method to capture a Notice and verify its credential. It specifies with what, and how, a PII Principal can capture a Record of Notice and assess digital transparency and the state of security. The specification also describes the three (3) transparency performance indicators (TPIs) used to demonstrate how a minimum notice record information structure can be used to create a record that the PII Principal holds, controls and manages in order to control their personal information, namely:

  1. The timing of notice presentation

  2. PII Controller Identity and privacy contact point

  3. The Accessibility of PII Controller Identity and Contact information

  4. The Security and Integrity of the PII Controller’s Transparency

The ANCR Notice Record is specified for PII Principals, using terms, semantics and laws that champion the legal utility of data control and its management. As such, it represents a shift in the architecture of digital identity semantics to legal semantics specific to human-centric transparency, usability and control.

For this purpose, the ANCR record is first specified as a single-use record that the Individual controls with 3 transparency performance indicators. It is first defined as a single-use record in order to generate a record the Individual can own, control and trust. The KPI’s provided here are specified to provide transparency over data control and its human/decentralized data governance (specified as Operational Transparency).

1.2. TABLE 1: MINIMUM VIABLE NOTICE RECORD SCHEMA

The minimum viable record is for personal collection and use without the use of digital identifier technologies for systematic surveillance and monitoring. These are added to this record according to the purpose of use defined by the context in which this record is created.

| FIELD NAME | FIELD DESCRIPTION | REQUIREMENT: MUST, SHALL, MAY | FIELD DATA EXAMPLE |
|---|---|---|---|
| Notice Location | Location the notice was read/observed | MUST | http://www.walmart.com |
| PII Controller Name | Name of presented business | MUST | Walmart |
| Controller Address | The physical address of controller and/or accountable person | MUST | 1940 Argentina Road Mississauga, Ontario L5N 1P9 |
| PII Controller Contact Type | Contact method for correspondence with PII Controller | MUST | Email, phone |
| PII Controller-Correspondence Contact | General contact point | SHALL | Privacy@org.com |
| Privacy Contact Type | The contact method provided for access to privacy contact | MUST | email |
| Privacy Contact Point | Location/address of contact point | MUST | Org.com/privacy.html |
| Session Certificate | A certificate for monitored practice | Optional | SSL Certificate Security (TLS) and Transparency |

Notice Record Generation

The notice record format is used to create a record that the PII Principal holds, controls and manages in order to control their personal information.


For this purpose, the ANCR record is first specified as a single-use record that the Individual controls with 4 transparency performance indicators.

It is specified here as a single-use record in order to generate a record the Individual can own, control and trust. The TPI’s provided here are specified to cover vectors of digital privacy by providing consistent transparency for data control and governance.

Notice Record

The Notice Record is first specified as a static, one-time-use notice record that is created by the PII Principal and used to initiate a state of operational transparency in context, measured by access to, and performance of, rights.

Diagram 1: Notice Record

ANNEXED Info - to Reconcile

Table 1: Single Use Notice Record: PII Controller Identity AND Contact Transparency Report

| Field Name | Field Description | Requirement: Must, Shall, May | Field Data Example |
|---|---|---|---|
| Notice Location | Location the notice was read/observed | MUST | http://www.walmart.com |
| PII Controller Name | Name of presented business | MUST | Walmart |
| Controller Address | The physical address of controller and/or accountable person | MUST | 1940 Argentina Road Mississauga, Ontario L5N 1P9 |
| PII Controller Contact Type | Contact method for correspondence with PII Controller | MUST | Email, phone |
| PII Controller-Correspondence Contact | General contact point | SHALL | Privacy@org.com |
| Privacy Contact Type | The contact method provided for access to privacy contact | MUST | email |
| Privacy Contact Point | Location/address of contact point | MUST | Org.com/privacy.html |
| Session Certificate | A certificate for monitored practice | Optional | SSL Certificate Security (TLS) and Transparency |

Anchoring the Notice Record for Trust

The record identifier, when added to each record, provides an anchor for the notice record in the first instance. The Anchored Notice Record can be extended for use as a ‘trust anchor’ for the PII Principal by adding an ANCR Record ID that the PII Principal can use to track the PII Controller, and the data processing and digital identity relationship, over time. In this way an Anchored Notice Record is a gateway to scaling consent online and internationally.
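As an added illustration (not code from the ANCR-WG draft), the following checks a captured record against the requirement levels in Table 1 and derives a record identifier for anchoring. The draft does not define how an ANCR Record ID is produced; the content hash used here is an assumption, and the sample record is constructed from the example values in Table 1.

```python
import hashlib
import json

# MVNR schema transcribed from Table 1 of the draft; requirement level per field.
MVNR_SCHEMA = {
    "notice_location": "MUST",
    "pii_controller_name": "MUST",
    "controller_address": "MUST",
    "pii_controller_contact_type": "MUST",
    "pii_controller_correspondence_contact": "SHALL",
    "privacy_contact_type": "MUST",
    "privacy_contact_point": "MUST",
    "session_certificate": "OPTIONAL",
}

def validate_mvnr(record):
    """Return (errors, warnings). A missing MUST field is an error, a missing
    SHALL field a warning. Unknown fields are errors: the MVNR collects no
    data beyond what Table 1 lists."""
    errors, warnings = [], []
    for field, level in MVNR_SCHEMA.items():
        if (record.get(field) or "").strip():
            continue
        if level == "MUST":
            errors.append(f"missing MUST field: {field}")
        elif level == "SHALL":
            warnings.append(f"missing SHALL field: {field}")
    errors += [f"field not in MVNR schema: {f}" for f in record if f not in MVNR_SCHEMA]
    return errors, warnings

def anchor_record_id(record):
    """Hypothetical ANCR Record ID (assumption, not defined by the draft):
    SHA-256 over the canonical JSON form of the record, so the PII Principal
    can later detect any change to the captured notice fields."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return "ancr:" + hashlib.sha256(canonical.encode("utf-8")).hexdigest()

# Constructed sample record built from the example values in Table 1.
SAMPLE_RECORD = {
    "notice_location": "http://www.walmart.com",
    "pii_controller_name": "Walmart",
    "controller_address": "1940 Argentina Road Mississauga, Ontario L5N 1P9",
    "pii_controller_contact_type": "Email, phone",
    "pii_controller_correspondence_contact": "Privacy@org.com",
    "privacy_contact_type": "email",
    "privacy_contact_point": "Org.com/privacy.html",
}
```

Because the identifier is computed over the sorted canonical form, two copies of the same record held by different parties yield the same ID, while any edit to a MUST field changes it.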