...
- Overview of (OPN) Data Governance Authority Architecture:
- Intro
- This data governance authority architecture provides the international legal roles for
- Identity & Data Governance Roles: Legally Specified Actors / Stakeholders
- Policy Controller, Privacy (Data) Controller, Registration Operator Governance Authority, DGA Registrar
- Privacy Risk Assurance Tiers 0-4
- Policy Controller, Privacy Controller, Data/Identity Governance Authority Operator (DGAO)
- Controller - Tier 0 Risk Assurance - Not Registered
- Policy Controller (or just Controller) - Tier 1 Assurance - Self Asserted Binding - No Privacy Risk Assurance - Discoverable
- Privacy Controller (or Data Controller) - Tier 2 Assurance - Signed Binding for Legal Compliance - Mitigated Risk Assurance
- Data Governance Authority Operator - Tier 3 Assurance - High Risk Assurance
- Registrar - Tier 4 - Registrar Infrastructure
- Low Risk Personal Data Processing - only the personal information of the Controller and Company Operators is processed
- Privacy Controller Credential Specification
- Overview: a Privacy Controller Credential comprises a set of bound relationship identifiers for accountability and transparency; this enables data supply chain transparency
- Accountable Person + Legal Entity Identifier (LEI)
- Legal status of the Accountable Person and of the Legal Entity
- Whether the Accountable Person is employed by the Legal Entity or is a 3rd party
- If a 3rd party, the Privacy Controller Credential of that 3rd party is required
- Conditions of access and use:
- the Accountable Person's information should be masked unless publication is required (it is published only where a jurisdiction requires it)
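As an added illustration, not part of the OPN specification (which defines no schema), the Python below sketches how a verifier might check the bindings listed above: that an Accountable Person is bound to a Legal Entity with an LEI, that both carry a legal status, that a 3rd-party Accountable Person carries the 3rd party's own PCC, and that the public projection masks the Accountable Person unless the jurisdiction requires publication. All field names, the sample LEIs, the `XX` jurisdiction code and the hash-commitment form of masking are assumptions for the example.

```python
"""Hypothetical Privacy Controller Credential (PCC) binding checker.

Added example, not code from the OPN specification. Field names, sample
values and the masking technique are assumptions for illustration only.
"""
import hashlib
import json
from typing import Any

# Assumption: jurisdictions that require the accountable person's details to be
# published. The specification says some do, without naming them; "XX" is a placeholder.
PUBLISH_REQUIRED_JURISDICTIONS = {"XX"}


def validate_pcc(pcc: dict[str, Any], depth: int = 0) -> list[str]:
    """Return binding errors; an empty list means the PCC bindings are complete."""
    errors: list[str] = []
    if depth > 3:  # a 3rd party of a 3rd party of ... must end somewhere
        return ["3rd-party PCC chain is too deep"]
    person = pcc.get("accountable_person")
    entity = pcc.get("legal_entity")
    if not person or not entity:
        return ["accountable_person and legal_entity are both required"]
    # LEIs are 20 characters (ISO 17442); the check here is length only.
    if not entity.get("lei") or len(entity["lei"]) != 20:
        errors.append("legal_entity.lei must be a 20-character LEI")
    for who, rec in (("accountable_person", person), ("legal_entity", entity)):
        if not rec.get("legal_status"):
            errors.append(f"{who}.legal_status is required")
    relationship = person.get("relationship")
    if relationship not in ("employee", "third_party"):
        errors.append("accountable_person.relationship must be 'employee' or 'third_party'")
    elif relationship == "third_party":
        nested = person.get("third_party_pcc")
        if not nested:
            errors.append("third-party accountable person requires the 3rd party's own PCC")
        else:
            errors.extend(f"third_party_pcc: {e}" for e in validate_pcc(nested, depth + 1))
    return errors


def commitment(identity: dict[str, Any]) -> str:
    """SHA-256 over canonical JSON of the identity fields (assumed masking form):
    the published profile carries the hash, so a party later shown the details
    can check they match, without the details themselves being published."""
    canon = json.dumps(identity, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


def public_profile(pcc: dict[str, Any], jurisdiction: str) -> dict[str, Any]:
    """Project a PCC to what may be published for the given jurisdiction."""
    person = pcc["accountable_person"]
    identity = {k: person[k] for k in ("name", "contact") if k in person}
    out = {
        "legal_entity": pcc["legal_entity"],
        "accountable_person": {
            "relationship": person["relationship"],
            "legal_status": person["legal_status"],
            "commitment": commitment(identity),
        },
    }
    if jurisdiction in PUBLISH_REQUIRED_JURISDICTIONS:
        out["accountable_person"].update(identity)  # disclosed only where required
    nested = person.get("third_party_pcc")
    if person.get("relationship") == "third_party" and nested:
        out["accountable_person"]["third_party_profile"] = public_profile(nested, jurisdiction)
    return out


def without_third_party_pcc(pcc: dict[str, Any]) -> dict[str, Any]:
    """Deep copy of a PCC with the nested 3rd-party PCC removed (to show the failing case)."""
    copy = json.loads(json.dumps(pcc))
    copy["accountable_person"].pop("third_party_pcc", None)
    return copy


# Constructed sample PCC; LEIs are synthetic placeholders, not registered identifiers.
SAMPLE_PCC = {
    "legal_entity": {"lei": "EXAMPLELEI0000000001", "legal_status": "private limited company"},
    "accountable_person": {
        "name": "A. Example",
        "contact": "dpo@example.invalid",
        "legal_status": "natural person",
        "relationship": "third_party",
        "third_party_pcc": {
            "legal_entity": {"lei": "EXAMPLELEI0000000002", "legal_status": "partnership"},
            "accountable_person": {
                "name": "B. Example",
                "contact": "privacy@example.invalid",
                "legal_status": "natural person",
                "relationship": "employee",
            },
        },
    },
}

if __name__ == "__main__":
    print("errors:", validate_pcc(SAMPLE_PCC))
    print("errors without 3rd-party PCC:", validate_pcc(without_third_party_pcc(SAMPLE_PCC)))
    print(json.dumps(public_profile(SAMPLE_PCC, "ZZ"), indent=2))
```

The masked profile still carries the LEI and the relationship, so the data supply chain stays traceable while the natural person's name and contact point are withheld by default; the recursion applies the same rule to the 3rd party's PCC.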
- Use Case(s)
- Digital Immunisation Passport
- Legal Justifications for processing
- Surveillance of identifiers
- Holder, Verifier & Issuer
Unified Notice Control Language for Semantic Harmonization
UNCL:
UNCL uses the definitions and terms specified in the ISO 29100 framework and the Consent Receipt v1.2 specification, which define the key roles for data control, transparency and accountability. This international framework is the basis for extending the semantic data governance framework to a decentralized data economy. In this economy, the Privacy Controller Credential extends the Privacy Controller Public Profile for verified claims, decentralized identifiers, and self-sovereign applications. For this purpose, this specification provides best practices for the data controller role to generate a verifiable credential, together with the considerations in using it as a legal credential for a standardized data processing profile.
The key audience for this specification and language is the Privacy Controller, the accountable stakeholder who authorizes data processing. The specification aims to represent this role in the standards and references for legal governance, and to curate a list of proposed new terms/elements to explore.
Key Problem:
At this time, a high-risk, high-sensitivity data processing activity has the responsibility to be transparent about the legal entities responsible for processing personal data and the beneficiaries of the data processing activity, in addition to any other processors. This includes partners and data processing service providers, such as Google or an identity management service provider.
A privacy controller credential written out in long form might therefore require multiple legal entities and Privacy Controller Credentials. This would include all of their mailing addresses (required by law), their public contact points, and the details of any jurisdictional representative for privacy and data protection, elements which are found in a Public Privacy Profile; the result can be a very long document.
This specification aims to tease out the language used for specifying these elements, which are legally required to be public, so that they can be represented with a single distributed identifier from the registrar, available via API, and so simplify each DDE interaction.
Privacy Risk Assurance:
- refers to trustworthy transparency
- e.g. does this organization use standardized legal semantics for notice and consent to ease understanding
...
Tier 0 - No Risk Indicated: Self Asserted Binding with a privacy policy, providing minimum Privacy Risk Assurance (trustworthy transparency)
- A non-registered broadcast listing
Tier 1 - Policy Controller - Low Risk: does not process personal data electronically and does not collect or process personal information; any personal identifier is minimized and secured; has internal security for employees' data
...
Tier 4 - Controller Operator: provides registration services for Privacy Controller Credentials and mitigates privacy risk with codes of conduct and certifications that accredit codes of practice. Controllers can then register against these codes of conduct and practice.
Uses of the PCC: a credential that provides a single identifier for a Privacy Controller, which links to all LEIs for beneficial ownership.
...
Privacy Stakeholders | ISO Definition
---|---
Regulator |
PII Principal |
PII Controller |
PII Processor |
3rd Party |
Privacy Controller Credential Roles | Description
---|---
Data Governance Authority Operator Role | Certification providers on regulator-approved codes of conduct; very limited PII: data controller personal information and a linked reference to a data subject's identifier
Data Governance Registrar |
Stakeholder | Privacy Controller Credential: Creating Credentials for a Use Case | Description
---|---|---
Issuer | |
Holder | |
Verifier | |
...