...
- The privacy controller credential is the digital version of an organizations organization's privacy and surveillance notice and related identification
- Rather than analogue - company identity, company address, company phone number, the controller credential contains the digital version of this information and privacy contract point for exercising data control for privacy rights.
- The point where a valid state of consent can be assured with a proof of notice and a record of consent.
- The aim of this specification is to implement related standards and specification for different measure of privacy assurance in accordance with the principles of operational privacy
- At its core, the privacy controller credential is a security and rights record and used for Non-Interdependent access to rights and controls in context of decentralized use of identifiers
...
ISO 29100 Privacy Stakeholders
Privacy Stakeholders | ISO Definition | |
---|---|---|
Regulator / | ||
PII Principal | ||
PII Controller | ||
PII Processor | ||
3rd Party |
Privacy Controller Credential Roles | |||
---|---|---|---|
Data Governance Authority Operator Role | Certification Providers on Regulator Approved Codes of Conduct - very limited PII - data controller personal information and a linked reference to a data subjects identifier - | ||
Data Governance Registrar | ` |
Applying /mapping ToiP Governance Model to international framework:
Stakeholder | Privacy Controller Credential : Creating Credentials for a use Case | Description | |
---|---|---|---|
Issuer | |||
Holder | |||
Verifier |
Gov ToiP Role | UseCase Example | Roles | Actors Privacy Stakeholders
| |
---|---|---|---|---|
Provides the schema - hospital | issuer | Privacy Controller | ||
Person - Requesting Information from - patient/traveller | holder | Data Subject | ||
3rd Party - border control | Verifier | Data Processor / 3rd Party |
- looking to make a process for what Legal Privacy Stakeholder has the Credential Role
- Steps to assign Stakeholder Roles
- Test for checking if its a processors or a 3rd party?
- Steps to assign Stakeholder Roles
Legal Semantic Element | semantic description | functional usage | fields Required | |
---|---|---|---|---|
controller | ||||
controller_identity | ||||
controller address registered | ||||
controller address (mailing) | ||||
controller contact | extend consent termination for a control point |
Delegated Role :
Delegated | |||
---|---|---|---|
Regulator | Ombudsman | ||
PII Principal | Guardian | ||
PII Controller | Joint-Controller | ||
PII Processor | Sub-Processor | ||
3rd Party | turtles |
References for use for creating a Unified (generic) Data Control Vocabulary for OCA
Standard/Specifications | Title | Description | Resource Status |
---|---|---|---|
ISO 29100 | Information technology — Security techniques — Privacy framework | ISO/IEC 29100:2011 provides a privacy framework which
| Status - Is publicly available - https://www.freestandardsdownload.com/iso-iec-29100-2011.html |
ISO/IEC 29184:2020 | Online privacy notice and consent | (just published - not available to public - we are working on publishing a report/appendix for use with this group ) | |
W3C DPV 0.01 | Data Privacy Vocabulary |
|
|
Reference: OPN-Notice Schema
...
Lizar, M. & Pandit, H.J., OPN: Open Notice Receipt Schema, 14th International Conference on Semantic Systems (SEMANTiCS 2019), Karlsruhe, Germany, 2019 [Published http://www.tara.tcd.ie/handle/2262/91576 [accessed July 1, 2020]
Field Name | Field Label | Format | Description | Required/Optional |
Schema Version | version | string | Required | |
OPN Privacy Profile URI | profile | string | Link to the controller's profile in the OPN registry. | Required |
Type of Notice Receipt | Notice Receipt | string | Label Notice Receipt | Required |
Receipt ID | id | string | A unique number for each Notice Receipt. SHOULD use UUID-4 [RFC 4122]. | Required |
Timestamp | timestamp | integer | Date and time of when the notice was generated and provided. The JSON value MUST be expressed as the number of seconds since 1970-01-01 00:00:00 GMT (Unix epoch). | Required |
Signing Key | key | string | The Controller’s profile public key. Used to sign notice icons, receipts and policies for higher assurance. | Optional |
Language | language | string | Language in which the consent was obtained. MUST use ISO 639-1:2002 [ISO 639] if this field is used. Default is 'EN'. | Optional |
Controller Identity | controllerID | string | The identity (legal name) of the controller. | Required |
Legal Jurisdiction | jurisdiction | string | The jurisdiction(s) applicable to this notice | Required |
Controller Contact | controllerContact | string | Contact name of the Controller. Contact could be a telephone number or an email address or a twitter handle. | Required |
Link to Notice | notice | string | Link to the notice the receipt is for | Optional |
Link to Policy | policy | string | Link to the policies relevant to this notice e.g. privacy policy active at the time notice was provided | Required |
Context | context | string | Method of notice presentation, sign, website pop-up etc | Optional |
Receipt Type | The human understandable label for a record or receipt for data processing. This is used to extend the schema with profile for the type of legal processing - and is Used to identify data privacy rights and controls |
OCA schema specification: https://docs.google.com/spreadsheets/d/1KOdq8Yy3OXmuELyh7tpHMlhyMZPSZ3Ib/edit#gid=68769926