Legal Scale of Compliance

Legal Compliance Scale Task List

  • Define each compliance level item in the MVCR
  • Add requirements for Above Compliant
  • Add requirements and audit for trusted services
  • Add User Managed Compliance audit and spec

MVCR Compliance Audit & Scale

Audit

Each field on the MVCR carries legal notice requirements. Each of these components is listed, the presence of each one is counted, and a flag is added to record whether any of these self-asserted claims has been disputed and not resolved.

 

The MVCR has a maximum rating of Compliant. (Note: additional ratings are possible with extensions.)

This rating can be self-asserted by providing the consent receipt. A scale of compliance is applied to each of these notice information elements. If one or more elements do not work, or are not verifiable, a status of Partially Compliant is given.

If none of the elements is verifiable, the consent is no longer compliant or verifiable for the basic compliance level rating.
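The audit described above, worked through as an added example (this is not code from the Kantara consent receipt work, and the data model is an assumption): each self-asserted notice element is counted as present and as verifiable, an unresolved dispute on any element forces Non Compliant, no verifiable element at all is also Non Compliant, any shortfall is Partially Compliant, and only a full set of verified elements reaches Compliant. The Above Compliant and Trusted / User Managed levels are left out because the page says they need additional architecture and extensions.

```python
from dataclasses import dataclass
from enum import Enum


class Rating(str, Enum):
    """The three base MVCR ratings; higher levels need extensions."""
    NON_COMPLIANT = "Non Compliant"
    PARTIALLY_COMPLIANT = "Partially Compliant"
    COMPLIANT = "Compliant"


# The notice elements the checklist rates, using the page's own names.
NOTICE_ELEMENTS = (
    "Contact of DC",
    "Address of DC",
    "Purpose(s)",
    "Sensitive Data",
    "Share with 3rd Party",
)


@dataclass(frozen=True)
class Claim:
    """Audit state of one self-asserted notice element (field names are assumptions)."""
    present: bool            # the receipt carries this field
    verifiable: bool         # the self-asserted value could be checked
    disputed: bool = False   # a dispute has been raised against the claim
    resolved: bool = True    # ... and whether that dispute was resolved


def audit_receipt(claims: dict) -> dict:
    """Count present and verifiable elements, set the dispute flag, derive the rating.

    `claims` maps a notice element name to its Claim; an element missing from the
    receipt is treated as not present and not verifiable.
    """
    absent = Claim(present=False, verifiable=False)
    states = [claims.get(name, absent) for name in NOTICE_ELEMENTS]

    present = sum(1 for c in states if c.present)
    verified = sum(1 for c in states if c.present and c.verifiable)
    unresolved_dispute = any(c.disputed and not c.resolved for c in states)

    if unresolved_dispute or verified == 0:
        rating = Rating.NON_COMPLIANT
    elif verified < len(NOTICE_ELEMENTS):
        rating = Rating.PARTIALLY_COMPLIANT
    else:
        rating = Rating.COMPLIANT

    return {
        "present": present,
        "verified": verified,
        "unresolved_dispute": unresolved_dispute,
        "rating": rating.value,
    }


# Constructed sample receipts (not real consent data).
FULLY_VERIFIED = {n: Claim(present=True, verifiable=True) for n in NOTICE_ELEMENTS}

ONE_UNVERIFIABLE = dict(FULLY_VERIFIED)
ONE_UNVERIFIABLE["Address of DC"] = Claim(present=True, verifiable=False)

DISPUTED = dict(FULLY_VERIFIED)
DISPUTED["Purpose(s)"] = Claim(present=True, verifiable=True,
                               disputed=True, resolved=False)

NOTHING_VERIFIABLE = {n: Claim(present=True, verifiable=False) for n in NOTICE_ELEMENTS}


if __name__ == "__main__":
    for label, receipt in [("fully verified", FULLY_VERIFIED),
                           ("one unverifiable", ONE_UNVERIFIABLE),
                           ("unresolved dispute", DISPUTED),
                           ("nothing verifiable", NOTHING_VERIFIABLE)]:
        print(f"{label:20s} -> {audit_receipt(receipt)}")
```

The per-element dispute fields generalise the page's single "disputed or unverifiable" flag so that an auditor can see which claim caused the downgrade; the rating rule itself is the one the text states.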


 

Notice Compliance Checklist

| Notice element | Non Compliant | Partially Compliant | Compliant | Above Compliant | Trusted / User Managed |
|---|---|---|---|---|---|
| Contact of DC | | | X | | |
| Address of DC | | | X | | |
| Purpose(s) | | | X | | |
| Sensitive Data (If No) | | | X | | |
| Share with 3rd Party (If No) | | | X | | |
| Agree to implement context checklist? (Y/N): Yes | | | | | |
| Any of the above self-asserted items disputed or unverifiable (Y/N flag) (If No; if Yes and unresolved = Non-Compliant) | | | X | | |

 

(Additional architecture is needed to mediate compliance level ratings.)

MVCR Compliance Assurance Scale

Each item in the MVCR will be rated on the scale presented below.

Trusted Services Appendix

Trusted services, networks and frameworks can be used to meet or exceed notice (and therefore consent) legal requirements, or to address the need for assurance and trust for people, so that consent and its management can be automated and made more usable. It is foreseen that a notice registry is the natural place for trust services to register their services.

A process for auditing and verifying all trust services needs to be in place for trust services to be trusted. Then, when an organisation enrols in the registry, it can also add (or manage) the trust services that have been added to the receipt.

 

This table maps the list and categories of assurance frameworks, with examples and notes on interoperability with this category of service.

| Type of Trust Framework | Consent Policy Format | Personal Policy Preference | Consent Extension Location | Trusted Service Provider Examples |
|---|---|---|---|---|
| Tracker: Analytics etc. | Cookie | Do Not Track | browser header | cookiepedia, privacy clearing warehouse, Ghostery |
| Terms of Use Policy | | Agree to terms | | TOS;DR, Citizen Me |
| Policy Tracking Services | Policy Comparison | Has terms materially changed (is consent still compliant?) | | TOSBack |
| Consent Type | What kind of consent has been received | To record the type of consent or whether there is an exception to the requirement for consent. | | |
| Reputation | | Trust Framework | | (all trust services provide reputation) |
| Privacy Icons | | Pictorial Short Notices | | Disconnect Me |
| Capture of Personal Preference at Time of Consent | Does the issuing entity acknowledge DNT | If not available, should provide a notice that it is missing | | [#receipt]!:uuid:1234<#dnt>&/&/true |
| Data Control Protocol | | User Managed Access | | |
| Trusted Network Service | | Respect Network | | |
| Standards | | | | |
| Certificates | | TrustE | | |
| Levels of Assurance | | KI: Identity Assurance Framework | | |