2015-06-15 Meeting Notes

Date

Jun 15, 2015

Attendees

 

John submited a use case, on the list (posted below)

We discussed option of  a scaled down spec  to v0.6.5 and call it an MVCR v.1 as a comprimise, in this version we are modifying what is required/downgrading it to show why a receipt is important

  • changing  operation context option - i.e. we can scrap operational context for that version, or just add a note that the user has the right to access and rectify PII provided
  •  change the integrity to a SHOULD be instead of MUST
  • and remove the systematically and automatically usable  to a single record that can be collected and aggregated manually

Actions:

Mark Lizar (Unlicensed) update spec to v0.6.5 - and update fields in the spec to v0.6.5 versions.  - Updating the word document

  • Iain & John working on how to use a word template to give out a consent receipt for salesforce
  • iainh1 NA (Unlicensed) to take over Monday Night calls for next two weeks
  • Mark Lizar (Unlicensed) to make consent receipt generator to create a v0.6.5   receipt for it to be used in a form
  • iainh1 NA (Unlicensed) to create marketing materials around this

Goals

  • MVCR Use Case Development
  • Everyone that wants specify how and what the MVCR should represent should bring this to the call.   

*******

 

Minimum Viable Consent Receipt

Simple Use Case

Contents

Introduction................................................................................................................................... 1

Scenario......................................................................................................................................... 1

Data Flows..................................................................................................................................... 1

The Consent Receipt.................................................................................................................... 1

 

Introduction

The notion of a ‘minimum viable consent receipt’ described below is based on the notion that, a data subject who provides personally identifiable information about themselves to a data processor has a right to expect a clear explanation of what information has been collected, for what purpose and with whom it will be shared.

Scenario

There are as many different scenarios for personal data collection as there are types of interactions between people and systems. We will focus on a simple representative scenario here. A user, called Alice, has browsed to a web site that she has found interesting which we will call, Bob’s compendium of interesting news. Bob, who runs the web site, doesn’t want anonymous Internet trolls leaving comments on his web site so he disallows comments on his stories unless a person registers with their real name and a valid email. Because he is a proponent of privacy, Bob is committed to not sharing personal information he collects with others. Alice is willing to do register on Bob’s site to make comments, but wants to retain a record of Bob’s commitment not to share her information. This is where a minimum viable consent receipt comes in. After Alice enters her information on Bob’s site she presses a “Register” button. At that time, Bob’s site collects her information and shows her a receipt on her screen which she can save locally on her computer. At the same time Bob can save a copy himself. Now Bob and Alice have identical copies of a receipt that describes what information Bob has collected, describes in broad terms what he will do with this information and with whom the information is shared.

Diagrams

This high level scenario can be visualized in a couple of different ways:

 

 

 

 

 

The Consent Receipt

The consent receipt that Alice received in the scenario above could be as simple as a generated word document or PDF that looks like this. The highlighted fields should be generated at the time of issue, but everything else may remain static until Bob changes the terms of his web site.

 

Bob’s Compendium Of Interesting Things Web Site

Consent Receipt

Issued by

BobsCompendiumOfInterestingThings.com

Date Issued

Sunday, June 14, 2015

Time Issued

2:35 PM

Receipt ID

c78f8e2a-5bbf-4f97-9c85-cf8738a027d6[1]

 

 

About BobsCompendiumOfInterestingThings.com

Requests for more information

privacy@BobsCompendiumOfInterestingThings.com

Privacy Policy

BobsCompendiumOfInterestingThings.com/privacy

Purpose

The information described below was collected to ensure the integrity and transparency of the comments on BobsCompendiumOfInterestingThings.com.

 

Personal Information Collected

Receipt Issued to

Alice

Personal Information collected from Alice

Full Name

 

eMail

Other Information collected from Alice

Browser Header

 

Other Information

3rd Party Sharing

No

Sensitive Data Collected

No

 

 

 



[1] This UUID generated by https://www.uuidgenerator.net/