[WG-InfoSharing] Removing Subject ID Field from receipt fields

John Wunderlich john at wunderlich.ca
Fri Mar 11 09:39:40 CST 2016


It seems to me that the receipt that the user sees will, in the normal
course of events, be transmitted and displayed via the same channel by
which their personal information has been collected, so there is no
marginal increase in risk with including the basic identifying information
that ensures that this is THEIR consent. There may be advantages for the
organization generating the receipts in de-identifying them for analysis or
sharing, but keeping the identifying information in the copy/version of the
receipt itself would - I think - facilitate the ability of the company to
respond to “What information do you have about me” type requests.




Sincerely,
John Wunderlich
@PrivacyCDN

Call: +1 (647) 669-4749
eMail: john at wunderlich.ca

On 10 March 2016 at 19:53, Mark Lizar - OCG <m.lizar at openconsentgroup.com>
wrote:

>
> Hello CISWG,
>
> I have added a new issue to Github for discussion.  Another one of those
> long outstanding issues about how to present and transfer PII in the
> receipt.  This is relative to the specification review of the table fields.
>
>
> The issue #23 <https://github.com/KantaraInitiative/CISWG/issues/23> is a
> suggestion to remove the subject id field from the consent receipt field so
> that the consent receipt fields don't contain PII, but, instead, attached
> is the receipt payload with all of the data entered by the consent grantee.
>
> The benefit would be that the receipt fields themselves don't contain PII,
> thus are less sensitive themselves, with the PII entered into  the receipt
> delivered in the receipt payload. The payload of PII data would be
> provisioned to the consent grantee, but not displayed on the website, via
> the consent receipt as to protect privacy and be privacy by design.
> All thoughts welcome, especially on how to specify this in the
> specification (if it should be specified).
>
> Best,
>
> Mark
>
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-infosharing
>
>

-- 

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error please notify the system manager. 
This message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and 
delete this e-mail from your system. If you are not the intended recipient 
you are notified that disclosing, copying, distributing or taking any 
action in reliance on the contents of this information is strictly 
prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20160311/5d2f65b8/attachment.html>


More information about the WG-InfoSharing mailing list