A4: Privacy Protections
Work to Implement Enhanced Privacy Protections Other Information:
The Federal Government will work with the private sector to determine approaches to implement the FIPPs. Early focus on privacy
policy, process, and technology implementation will enable Identity Ecosystem participants to develop best practices, guidance
and standards that will enhance the way entities collect, use, protect, transmit, retain, and destroy personally identifiable
information. The Federal Government will create detailed action plans to strengthen privacy policy and implementation such
that Identity Ecosystem providers will: * Provide concise, meaningful, timely, and easy-to-understand notice to end-users
regarding collection, use, dissemination, and maintenance of PII in identity assurance solutions. * Limit collection and transmission
of information by Identity Ecosystem participants to the minimum information necessary to fulfill the purpose of the transaction.
* Limit secondary uses of individual data collected and transmitted in the Identity Ecosystem. * Limit retention of data to
the period necessary for the provision of the services to the individual end-user for which the data were collected, except
as otherwise required by law. * Minimize data aggregation and linkages across transactions in the Identity Ecosystem. * Provide
mechanisms to allow individuals to access, correct, and delete information, as well as minimize barriers to individuals’ termination
of their relationships with Identity Ecosystem participants. * Establish accuracy standards for data used in identity assurance
solutions. * Protect and securely destroy information when terminating business or overall participation in the Identity Ecosystem.
* Provide provision(s) of redress mechanisms to individuals who believe their data may have been misused. The user-centric
nature of the Identity Ecosystem presents opportunities for individuals to control and release their private data in truly
innovative ways. The Strategy calls for actions that will shape the way users provide data to organizations, as well as ways
in which users can enjoy simple and effective mechanisms to update, publish, and redact their private information.
Indicator(s):
|
