Consent and Choice - Positive Confirmation, v1.0

Defines privacy requirements for obtaining positive confirmation from the user of the information or attributes transmitted as part of an opt-in process.

Assessment Step

1
Consent And Choice - Positive Confirmation (ConsentAndChoice-PositiveConfirmation)
Does the organization require that it obtain positive confirmation from the end user before any end user information is transmitted to any applications, and that the end user be able to see each attribute that is to be transmitted as part of the Opt In process? If the CSP is aware that certain requested attributes are not required for authentication, does the credential service provider allow end users to opt out of the non-required individual attributes for each transaction?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.

Conformance Criteria (1)

C-1
The organization obtains positive confirmation from the End User before any End User information is transmitted to any applications. The End User must be able to see each attribute that is to be transmitted as part of the Opt In process. If a CSP is aware that certain requested attributes are not required for authentication, the Credential Service Provider should allow End Users to opt out of the non-required individual attributes for each transaction.
Citation
FICAM-TFPAP
Section 3.2.2