1.1: Privacy Protection
Establish improved privacy protection mechanisms. Other Information:
The Identity Ecosystem Framework must offer individuals better means of protecting their privacy by establishing clear rules
and guidelines based upon the FIPPs These rules and guidelines must address not only the circumstances under which a service
provider or relying party may share information but also the kinds of information that they may collect and how that information
is used New privacy protections will shift the current model of application-specific collection of identity information to
a distributed, user-centric model that supports an individual’s capability to manage an array of cyber identities and to manage
and assert personal attributes without having to provide identifying data The new model will reduce the number of service
providers with whom individuals must share their personal information in the course of everyday transactions. The Executive
Branch of the Federal Government will work with the private sector and, if necessary, propose legislation to strengthen privacy
protections for individuals These protections will enable individuals to form consistent expectations about the treatment
of their information in cyberspace Although individuals will retain the right to exchange their personal information in return
for services they value, these protections will ensure that the default behavior of Identity Ecosystem providers is to: *
Limit the collection and transmission of information to the minimum necessary to fulfill the transaction’s purpose and related
legal requirements; * Limit the use of the individual’s data that is collected and transmitted to specified purposes; * Limit
the retention of data to the time necessary for providing and administering the services to the individual end-user for which
the data was collected, except as otherwise required by law; * Provide concise, meaningful, timely, and easy-to-understand
notice to end-users on how providers collect, use, disseminate, and maintain personal information; * Minimize data aggregation
and linkages across transactions; * Provide appropriate mechanisms to allow individuals to access, correct, and delete personal
information; * Establish accuracy standards for data used in identity assurance solutions; * Protect, transfer at the individual’s
request, and securely destroy information when terminating business operations or overall participation in the Identity Ecosystem;
* Be accountable for how information is actually used and provide mechanisms for compliance, audit, and verification; and
* Provide effective redress mechanisms for, and advocacy on behalf of, individuals who believe their data may have been misused.
Indicator(s):
|
