[WG-InfoSharing] Removing Subject ID Field from receipt fields
john at wunderlich.ca
Fri Mar 11 09:39:40 CST 2016
It seems to me that the receipt that the user sees will, in the normal
course of events, be transmitted and displayed via the same channel by
which their personal information has been collected, so there is no
marginal increase in risk with including the basic identifying information
that ensures that this is THEIR consent. There may be advantages for the
organization generating the receipts in de-identifying them for analysis or
sharing, but keeping the identifying information in the copy/version of the
receipt itself would - I think - facilitate the ability of the company to
respond to “What information do you have about me” type requests.
Call: +1 (647) 669-4749
eMail: john at wunderlich.ca
On 10 March 2016 at 19:53, Mark Lizar - OCG <m.lizar at openconsentgroup.com>
> Hello CISWG,
> I have added a new issue to Github for discussion. Another one of those
> long outstanding issues about how to present and transfer PII in the
> receipt. This is relative to the specification review of the table fields.
> The issue #23 <https://github.com/KantaraInitiative/CISWG/issues/23> is a
> suggestion to remove the subject id field from the consent receipt field so
> that the consent receipt fields don't contain PII, but, instead, attached
> is the receipt payload with all of the data entered by the consent grantee.
> The benefit would be that the receipt fields themselves don't contain PII,
> thus are less sensitive themselves, with the PII entered into the receipt
> delivered in the receipt payload. The payload of PII data would be
> provisioned to the consent grantee, but not displayed on the website, via
> the consent receipt as to protect privacy and be privacy by design.
> All thoughts welcome, especially on how to specify this in the
> specification (if it should be specified).
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. If you are not the intended recipient
you are notified that disclosing, copying, distributing or taking any
action in reliance on the contents of this information is strictly
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WG-InfoSharing