IDEF Common Privacy Profile, v1.0
Profile of Identity Ecosystem Framework (IDEF) privacy requirements that apply to all organizational entities participating in the Identity Ecosystem.
| Identifier | https://artifacts.trustmarkinitiative.org/lib/tips/idef-common-privacy-profile/1.0/ | ||||
| Publication Date | 2018-10-01 | ||||
| Issuing Organization |
Trustmark Initiative (https://trustmarkinitiative.org/)
View Contact
|
||||
| Keywords | IDEF, Identity Ecosystem Framework, Privacy | ||||
| Legal Notice | This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Loading...
Trust Expression:
TD_IDEFDataMinimization and TD_IDEFPurposeLimitation and TD_IDEFAttributeMinimization and TD_IDEFCredentialLimitation and TD_IDEFDataAggregationRisk and TD_IDEFUsageNotice and TD_IDEFUserDataControl and TD_IDEFThirdPartyLimitations and TD_IDEFUserNoticeofChanges and TD_IDEFUserOptiontoDecline and TD_IDEFOptionalInformation and TD_IDEFAnonymity and TD_IDEFControlsProportionatetoRisk and TD_IDEFDataRetentionandDisposal and TD_IDEFAttributeSegregation
References (15)
| TD IDEF Data Minimization, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-1: DATA MINIMIZATION. |
| ID | TD_IDEFDataMinimization |
| Provider Reference | |
| TD IDEF Purpose Limitation, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-2: PURPOSE LIMITATION. |
| ID | TD_IDEFPurposeLimitation |
| Provider Reference | |
| TD IDEF Attribute Minimization, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-3: ATTRIBUTE MINIMIZATION. |
| ID | TD_IDEFAttributeMinimization |
| Provider Reference | |
| TD IDEF Credential Limitation, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-4: CREDENTIAL LIMITATION. |
| ID | TD_IDEFCredentialLimitation |
| Provider Reference | |
| TD IDEF Data Aggregation Risk, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-5: DATA AGGREGATION RISK. |
| ID | TD_IDEFDataAggregationRisk |
| Provider Reference | |
| TD IDEF Usage Notice, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-6: USAGE NOTICE. |
| ID | TD_IDEFUsageNotice |
| Provider Reference | |
| TD IDEF User Data Control, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-7: USER DATA CONTROL. |
| ID | TD_IDEFUserDataControl |
| Provider Reference | |
| TD IDEF Third-Party Limitations, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-8: THIRD-PARTY LIMITATIONS. |
| ID | TD_IDEFThirdPartyLimitations |
| Provider Reference | |
| TD IDEF User Notice of Changes, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-9: USER NOTICE OF CHANGES. |
| ID | TD_IDEFUserNoticeofChanges |
| Provider Reference | |
| TD IDEF User Option to Decline, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-10: USER OPTION TO DECLINE. |
| ID | TD_IDEFUserOptiontoDecline |
| Provider Reference | |
| TD IDEF Optional Information, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-11: OPTIONAL INFORMATION. |
| ID | TD_IDEFOptionalInformation |
| Provider Reference | |
| TD IDEF Anonymity, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-12: ANONYMITY. |
| ID | TD_IDEFAnonymity |
| Provider Reference | |
| TD IDEF Controls Proportionate to Risk, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-13: CONTROLS PROPORTIONATE TO RISK. |
| ID | TD_IDEFControlsProportionatetoRisk |
| Provider Reference | |
| TD IDEF Data Retention and Disposal, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-14: DATA RETENTION AND DISPOSAL. |
| ID | TD_IDEFDataRetentionandDisposal |
| Provider Reference | |
| TD IDEF Attribute Segregation, v1.0 | |
|---|---|
| Description | Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement PRIVACY-15: ATTRIBUTE SEGREGATION. |
| ID | TD_IDEFAttributeSegregation |
| Provider Reference | |
Sources (1)
| IDEF | Identity Ecosystem Steering Group. Identity Ecosystem Framework (IDEF) Baseline Functional Requirements v1.0 with Supplemental Guidance. Approved on 15 Oct 2015. https://www.idesg.org/portals/0/documents/core/IDEF-Baseline-Requirement-v1.0-with-Supplemental-Guidance_MOD.pdf. |
Terms (12)
| Term Name | Abbreviations | Definition |
|---|---|---|
| Anonymous | An interaction designed such that the data collected is not sufficient to infer the identity of the user involved nor is such data sufficient to permit an entity to associate multiple interactions with a user or to determine patterns of behavior with a user. | |
| Digital Identity Management Function | Any of the functions described in the IDESG Functional Model (registration, credentialing, authentication, authorization, and intermediation), which also encompass enrollment, identity proofing, identity vetting, access control, attribute management, transaction processing, and identity data maintenance. | |
| Entity | Any organization providing identity services. | |
| Identifier | A number or other non-attribute designation designed to specify an individual or set of individuals in a system. | |
| Identity Ecosystem Framework | IDEF | The overarching set of policies, best practices and standards that serve as the policy foundation for the Identity Ecosystem. |
| Identity Ecosystem Steering Group | IDESG | A voluntary, public-private partnership dedicated to developing an Identity Ecosystem Framework (IDEF) and services to better online digital identity. The IDESG looks to advance the Identity Ecosystem called for in the National Strategy for Trusted Identities in Cyberspace (NSTIC). |
| Nonproprietary Published Format/Specification | A known and consistent format that is published and transparent to all relying parties and identity providers in the relevant network, and is not controlled by a commercial interest. | |
| Personal Information | Broadly means any information about or linked to a user that is collected, used, transmitted, or stored in or by digital identity management functions. | |
| Pseudonymous | An interaction designed such that the data collected is not sufficient to allow the entity to infer the user involved but which does permit an entity to associate multiple interactions with the user's claimed identity. | |
| Redress | When (a) an entity offers an opportunity for a party who is transacting with it to complain or ask for adjustment, if the transaction is unsatisfactory to that other party; and (b) the entity responds clearly to each request of that kind; and (c) if the request relates to the entity's failure to comply with the IDESG Baseline Requirements, the entity cures the failure to comply, or provides a remedy for the failure. | |
| User | In usability statements, refers to an individual human being. This does not include machines, algorithms, or other non-human agents or actors. Equivalents and related terms may include: user- centric, user-centered, human-centered, end user, individual user, user-friendly. In security statements, may refer either to an individual natural person, or to an entity such as a company or agency: Various security requirements may confer opportunities, rights or remedies on a party or account which is served by a cybersecurity function, whether that account relates to a single human or to an organization. |
|
| User-Centric | Systems, design and/or program processes that put the individual human being at the center of the activity. Equivalents and related terms may include: user, user-centered, human- centered, end user, individual user, user-friendly. |