Legal Scale of Compliance
Legal Compliance Scale Task List
MVCR Compliance Audit & Scale
Audit
Each field on the MVCR contains legal notice requirements. Each of these components is listed in and the presence of these is counted, and a flag is added to record whether any of these self-asserted claims have been disputed and not resolved.
The MVCR has a maximum rating of compliant. (Note: Additional Ratings are possible with extensions)
This rating can be self-asserted with the provision of this consent receipt. A scale of compliance is used for each of these notice information elements. If one or more elements do not work, or are not verifiable, then a status of partially compliant is provided.
If all elements are not verifiable, then the consent is no longer compliant or verifiable for the basic compliance level rating.
| Notice Compliance Checklist | Non Compliant | Partially Compliant | Compliant | Above Compliant | Trusted | User Managed |
|---|---|---|---|---|---|---|
| Contact of DC | | | X | | | |
| Address of DC | | | X | | | |
| Purpose(s) | | | X | | | |
| Sensitive Data (If NO) | | | X | | | |
| Share with 3rd Party (If No) | | | X | | | |
| Agree to implement context checklist? (Y/N) | | | Yes | | | |
| Any of the above self asserted is | | | X | | | |
(additional architecture is needed to mediate compliance level ratings)
MVCR Compliance Assurance Scale
Each item in the MVCR will be rated with the scale presented below.
The compliance scale is based on the ICO table of compliance: http://ico.org.uk/for_organisations/data_protection/working_with_the_ico/~/media/documents/library/Data_Protection/Detailed_specialist_guides/auditing_data_protection.pdf
Trusted Services Appendix
Trusted services, networks and frameworks can be used to meet or exceed notice (and therefore consent) legal requirements, or to address the need for assurance and trust for people so that consent and its management can be automated and made more usable. It is foreseen that a notice registry is the natural place for trust services to register their services.
A process for auditing and verifying all trust services needs to be in place for trust services to be trusted. Then, when an organisation enrols into the registry, it can also add (or manage) trust services that have been added to the receipt.
This is a table to map the list and categories of assurance frameworks, with examples and notes on interoperability with this category of service.