Support Doc- Kan Imp Use Case

 

Basic Flow CR Dev-Implementation 

  1. Utilising v.07 - Assessed  Organisational Consent Policy Notice and Disclosure Assessment 
  2. Review purpose of Consent in the General Participation Agreement 
  3. Created the Scope to clarify the  Consent Use, Disclosure and/or collection of PII 
  4. Design of Receipt - (completed once comments and UX considerations created (see ISO SC/JT Input)

1. Assessment

Kantara has a trusted and unique brand in trusted services, in that it is a community of people invested in standards development, developing trusted technology, policy, protocols around identity and policy. As a result, it is important to Kantara to be transparent around the collection use and disclosure of PII as Kantara Initiative is comprised of open and transparent Work Groups, where members agree to participate in a WG by consenting to a workgroup participation agreement.

To create a consent receipt the privacy policy (or existing consent notice) was reviewed for collection, use and disclosure practices, and these were collected in order to implemenet a base consent receipt template for the Kantara WG GPA sign-up form. 

2. Review recommendations:

  • In the privacy policy there is a reference to an implied consent to transfer personal information across jurisdictional borders which is not compliant with current Privacy Shield practices
    • Recommend adding an explicit consent to the WPA form
  • Member data shared on WG WIKI in participation roster (link to participant roster)
  • All post to mailing list are captured in a public achieved (link to mailing list for m)

3. Consent Scopes

  • Disclosure 
    • Virtual
    • Emma Inc

 

Kantara-Imp -CIS-Audit v.1.docx

Kan-Imp v0.8-Edit-v.2.pdf