General Use Case: Spec Edit Dev Elements
From the Spec Edit - content specific to this use case.
The following table sets out requirements for a consent receipt to conform to Mode 1. Below are requirements for Mode 1, as well as guidance for implementation:
Data Portability: The implementor MUST present the mode 1 receipt in such a way as to allow the PII Principal (the individual receiving the receipt) an option or options to keep their own copy. Examples include but are not limited to printing or saving a web page, printing or saving a PDF or receiving an email with the receipt as an attachment. It is recommended but not required this information be presented in the order of the fields below.
The PII Controller MUST take reasonable steps to ensure that the delivery of the receipt is as secure as the collection of personally identifiable information to which the receipt refers.
Implementers SHOULD keep copies of receipts and link them to the records or individuals to which they apply.
Implementers MAY add additional information to the consent receipt except where such information negates or contradicts the information specified in the table below.
Field Name | Description | Required (MUST) or optional (MAY) field |
Receipt ID | A unique identifier for each receipt issued | MUST |
Service | A description of the service or group of services being provided for which personally identifiable information is required. | MUST |
PII Principal | Typically the name or user ID of the natural person whose information is being collected | MUST |
PII Controller | The legal name of the entity accountable to the PII Principal | MUST |
On Behalf | MUST | |
PII Controller Contact Address | The physical address of the PII controller where the appropriate privacy officer works. | MAY |
PII Controller Contact Email | MUST | |
PII Controller Contact Phone | MAY | |
PII Categories | MUST | |
Sensitive Personal Data Y/N | MUSTSHOULD | |
Purpose(s) | The purpose or purposes for which PII is collected. | MUST |
Sharing Disclosure Y/N | Will the PII collected be disclosed. | MUST |
Consent Type | MUST | |
Collection Method | How was consent obtained or authority derived | MAY |
Jurisdiction | MUST | |
Privacy Policy | URL | MUST |
Consent ID | MUST | |
Consent Time/Date Stamp | MUST | |
Purpose Termination/Duration/Renewal | MAY |