ISO 29184 - Inputs

Owned by Mark Lizar (Unlicensed)
Last updated: May 20, 2020
2 min read

Key Input of Notice Requirements: 


The organization should provide notice in a machine-readable format so that the software responsible for presenting it to the PII principal can parse it to optimize the user interface and help PII principals make decisions


Mark Lizar (Unlicensed) to draft initial text from the 29184 inputs for lifecycle of Notice and to show work/logic and reference for draft (below)

Notification Inputs

Notice 

Situations, when the PII principal is subject of being impacted, are when:

a) they change the nature of the service for which PII was collected;

  • they change the collection and processing of PII which causes additional or higher impact on the PII principal than previously indicated;
  • there is a substantial change at the PII controller;
  • they change the PII being collected;
  • they change the processing of PII;
  • they change the collection method of PII;
  • they change the purpose of use of collected PII to something outside the scope of what was notified to the PII principal at the time PII was collected;
  • they change matters related to the provision of PII to a third party;
  • they change the retention period or change the disposal date notified to the PII principal at the time PII was collected;
  • they change matters related to disclosure, use and retention period, correction, deletion, third party transfer, or revoking of consent;
  • they change the contact information for inquiry.
    • Note The organization can publish the new contact information on its websites or at the startup page of a mobile app 

Consent Notification Inputs

b) provide notice of the change and  seek the PII principal’s consent to those changes include, but are not limited to:

  • the overall service being provided to the PII principal changes;
  • the collection and processing of PII causes another or higher impact on the PII principal or higher risk of such an impact than indicated previously;
  • changes within or to the PII controller occur (e.g., change of owner, change of business); the PII being processed changes;
    the processing of PII changes;
    the methods used to process the PII change;
  • the purposes for which PII is processed change;
  • the provision of PII to a different third party change (unless the PII principal was previously notified that PII would be provided to a range of third parties and the change made does not expand the scope of provision);
  • the retention periods or disposal dates change;
  • the manner in which PII principals may access the PII held by the organization changes, or to the manner in which PII principals may request corrections to that information; and
  • the contact information for the submission of access or correction requests changes;


Notification Language

  1.  5.5.4.1 Control

  2. 581  The organization should provide the notice digitally and in the language according to the PII principal's

  3. 582  preference if the service is expected to be used by PII principals from different language speaking

  4. 583  populations and multiple languages were identified per 5.1.3.