Versions Compared

Old Version 24

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version 25

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Solution 


Specification Overview 

This specification contributes and builds upon the record and receipt information structure. 

  • Record and Receipt Info Structure

    • ANCR Record - (receipt prefix)

...

Fields Added

  1. PII Controller Identifier [DiD] 
    1. Credential ID 
    1. Fiels specified here are added to the ANCR Notice Record, 
    1. Accountable Person and role 
    1. Controller Notice Record Identifier 
    1. Controller Receipt Identifier 
    1. : DiD: Verified Credential  
  1. Controller Type[Ctype]:  
  2. Notice Controller,  
  3. PII notice controller,  
  4. PII controller,    
  5. PII surveillance controller , (info not provided by PII Principle) 
  6. [Ctype] controller operator, 
  7. Accountable Person Type

Security

...

Baseline


Use Case : Controller Credential: use of Verifiable Credential and Decentralized iDentifier to make Micro-Credentials


2 Examples

  1. Security, 
    1. evidence 
      1. fraud, traceabilty
      2. permission and access control transparency. 
    2. Security of Security 
      1. schema struture and use of object identifiers 
      2. NIST - Privacy and Security Control framework 
        1. NIST Language - 
  2. Auditing a ToiP implementation

...

ISO 29100 Privacy Stakeholders



Annex

Privacy Stakeholder Mapping to Functional ToiP Roles

Privacy Stakeholders

ISO Definition


Regulator / 

PII Principal

PII Controller

PII Processor

3rd Party
Privacy Controller Credential Roles Data Governance Authority Operator Role  Certification Providers on Regulator Approved Codes of Conduct  - very limited PII - data controller personal information and a linked reference to a data subjects identifier -Data Governance Registrar`

Use Case 1: 

Use Case 2: Applying international governance

  • Assessing a ToiP / SSI / Verified Credential Implementations 

Image Removed




Semantics


Legal Semantic Element 

semantic description

functional usage

fields Required


controller 


    
controller_identity








controller address registered



controller address (mailing)








controller contactextend consent termination for a control point


...




Delegated 

Regulator

Ombudsman
PII Principal

Guardian/Parent/School
PII Controller

Joint-Controller
PII Processor

Sub-Processor
3rd Party

turtles 


References for

...

Controller Credential, Infrastructure and Legal Framework

Standard/Specifications

Title

Description 

Resource Status

ISO 29100

Information technology — Security techniques — Privacy framework

ISO/IEC 29100:2011 provides a privacy framework which

  • specifies a common privacy terminology;
  • defines the actors and their roles in processing personally identifiable information (PII);
  • describes privacy safeguarding considerations; and
  • provides references to known privacy principles for information technology.
Status - Is publicly available - https://www.freestandardsdownload.com/iso-iec-29100-2011.html
ISO/IEC 29184:2020Online privacy notice and consent
(just published - not available to public - we are working on publishing a report/appendix for use with this group )
W3C DPV  0.01Data Privacy Vocabulary
  • legal ontology for technically breaking down and mapping legal ontology to a data legal ontology - 
  • the Notice +  CR V1.2 and W3C DPV, also use a common set of purpose categories. and the Kantara CR v1.1 for purpose specification
  • (note shared by initial FIHR approach - now much more evolved) 

Reference:

...

OPN: Open Notice  (+ Consent) Receipt Schema: Starters Guide to Unified Data Control Schema

Lizar, M. & Pandit, H.J., OPN: Open Notice Receipt Schema, 14th International Conference on Semantic Systems (SEMANTiCS 2019), Karlsruhe, Germany, 2019 [Published http://www.tara.tcd.ie/handle/2262/91576 [accessed July 1, 2020]

...