...

This specification also addresses security as a part of privacy (there won't be any "considerations" at the end). Current security approaches tend to look at privacy risk less holistically. This specification addresses this key, no pun, security challenge: for example, KYC is effectively enhanced with a new authorization flow that reflects KYB (know your business) from a human perspective (with whom does the identifier have a relationship?). Examples include:

  • Verifying people for service use has been the main security approach and security focus.
  • An alternative approach is to verify their privacy controller credential and use privacy law for defining purpose-specific services.
  • Using an open standards framework (ISO) with the ANCR Receipt and the framework (an appendix to this specification), e.g. ISO 29100, Kantara Notice and Consent Receipts, and W3C Vocabulary for Notice and Notifications text (which fills the receipt fields).
  • Operational Privacy Engineering & Privacy (Identity and Security) (Engineering) Design Principles
    • Principle of "Transparency, Proportionality, and Control Reciprocity - Dynamic Data Controls"
  • Code of Conduct and Practice (Ethical Operation)
    • Must have a receipt (with operational Privacy Controller Credential) to engage in the Dynamic Data Control Ecosystem, aka dynamic data economy, from a privacy rights and self-sovereign data control perspective.
    • Privacy Controller Credential is used to automate purpose-driven online services, to enhance or even replace federated identity systems with self-sovereign identity governance.

ISO 29100 Privacy Stakeholders

...