Child pages
  • Sample Mode 1 Consent Receipts (Human Readable)

Consent Receipt

  1. Service

Digital Subscription and News Alerts

  1. PII Principle ID

Bowden Jeffries

  1. PII Controller

Ankh-Morpork Times

  1. On Behalf

False

  1. Contact Address

Ankh-Morpork Times

Gleam Street, Ankh-Morpork, Discworld

  1. Contact Email

william@times.ankh-morpork.xyz

  1. Contact Phone

(555) 555-DISC (3429)

  1. PII Categories
  • Biographical
  • Contact
  • Communications/Social
  • Financial
  1. Sensitive Data

Yes

  1. Purpose Categories
  • Core Function
  • Contracted Service
  • Contact Requested
  • Personalized Experience
  • Marketing
  • Complying with our legal obligations for record keeping.
  • Complying with our legal obligations to provide the information to law enforcement or other
  1. 3rd Party

N/A

  1. Consent Type

Implicit

  1. Collection Method

Web Subscription Form with opt in for marketing

  1. Jurisdiction

DW

  1. Privacy Policy

https://times.ankh-morpork.xzy/privacy

  1. Receipt ID

dcd55b2d-fbb8-4cf9-b183-80f31af7edbf

  1. Consent Time Stamp

Tue Sep 6 10:00:00 2016

  1. Purpose Termination

Subscription end data + 1 year end

Table 1 Kantara Initiative Mode 1 Consent Receipt


Receipt for Personally Identifiable Information

Service: Digital Subscription and News Alerts

At the Ankh-Morpork Times we take your privacy seriously. This document is being provided to you as a receipt for personally identifiable information that we have, or will collect about you. It tells you what information has been collected and for what purposes we will use and disclose it. For your information this document is based on the Consent Receipt Specification v0.8 published by the Kantara Initiative.

We have collected, or will collect, the information described below based on your implicit consent when you completed our web subscription form. If you receive marketing material, it will because you ticked an opt-in check box for marketing. We operate and follow the data protection rules for DiscWorld (DW). We will continue to collect and use your information until 1 year after your subscription ends.

 

Your ID: Bowden Jeffries

Types of Information we have or may collect about you [s] .

The purposes for collection of your personal information [o] .

General biographical information about you

Your contact information

You and your contacts email and social media

Your financial information for payments S

Technical data for web servers (Core Function)

News web site and alerts (Contracted Service)

Personalized Experience

Marketing o

Meeting Legal Obligations

About Us: The Ankh-Morpork Times is the Personally Identifiable Information Controller that is accountable for the information that has been collected about you. We are acting on our own behalf. For more details on our privacy notice and practices see the privacy policy linked to below.

Our Contact Information

The Ankh-Morpork Times

Gleam Streat, Ankh-Morkpork, Discworld

Privacy Contact

William de Worde, Chief Editor and Privacy Officer

william@times.ankh-morpork.xyz

(555) 555-DISC (3429) x 7748229 (Privacy)

Privacy Policy

https://times.ankh-morpork.xzy/privacy

 

Receipt #: dcd55b2d-fbb8-4cf9-b183-80f31af7edbf

Date: Tue Sep 6 10:00:00 2016


Comments on these sample consent receipts

I created 2 versions. The first page is a simple table using the defined Field Names in the recommended order. The second page is an attempt to create something that a DPO, sensitive to their own corporate branding and customer experience, might create. In both I used dummy data from the fictional DiscWorld series (RIP Terry Pratchett).

Implementation Issues

  • I only needed the Required Fields: Mode1 (section 3.1.2) to complete the majority of the CR. I needed to refer to Appendix A and B to use Kantara approved PII types and purpose categories, but I suspect that if I were an actual DPO I’d be using the categories of both that I already used.
  • On the second page I very much wanted to add a reference or link to the Data Protection Authority as well as the jurisdiction. Recommend adding DPA information as an optional category for the CR.
  • On the second page, it seemed appropriate to do a “We take your privacy seriously” and “What is this document” so that Alice could print it out, understand it and save it for later use thereby. Suggest adding boilerplate text for these purpose to Mode 1, but allowing the implementor to customize.
  • The Mode 1 spec doesn’t call for a ‘version’ but I included a reference and link to the version on both pages to allow Alice the ability to compare the receipt she gets with the standard it purports to represent. Recommending adding a link to the version on Mode 1.
  • I note that it would be trivially easy to create Word Template with macros or PowerShell script to create Mode 1 consent receipts like these automatically.
  • The specification doesn’t call for it, but looking at the artefact, I would recommend adding a field or a footer that says “Personally Identifiable Information: Highly confidential and not for distribution” This is a standard administrative control for copies that are kept at the controllers’ and could provide some reassurance to the subject.

 

 

 

 


[s] Information marked with a superscript s may be treated as “Sensitive Personal Information”

[o] Purposes marked with a superscript o indicated an optional consent.