Data Controller Options

From MgmtWiki
Latest revision as of 17:38, 17 March 2021

Full Title or Meme

A description of a few of the ways that a Data Controller might give users the required level of control over their information.

Context

  • The GDPR started an effort by legal jurisdictions to limit the misuse of User Private Information, an effort that is spreading around the world.
  • A User in this context is a human being, or in other words a carbon-based life form. It is acknowledged that silicon-based life forms will need to be recognized in the future.
  • The User Object that contains all of the attributes, behaviors and transactions that the Data Controller persists about the user is accessible to the user in its entirety, with a few exceptions that are specifically called out in laws or regulations. For the purposes of this wiki, the subject identifier of the user object references the real-world user.
  • The terms User Object Controller and Data Controller are sometimes used interchangeably, although there may be implementations where they are distinct concepts, for example where there is a specific instance of a Data Processor; that distinction is not germane in this context.

Obligations

Most of these are direct legal obligations but some are derived from best practices to enforce both legal and ethical obligations.

  • The user is given increasing control of their digitally-stored information as a reaction to the misuse of that information to track and annoy that user.
  • The user is given notification about the User Object stored by the Data Controller as well as events that impact that information, such as data breaches.
  • While data breaches have been the most significant source of threats against user privacy, phishing of user credentials has also been a significant threat since at least 2018, and attempts to access user information from previously unknown devices will also generate user notices or even requests for user consent.

Use Cases

As there are many reasons for a web site to collect User Information, so too there are many different design patterns for the way those sites collect it. A few of those patterns are described here as User Experiences, also called user journeys or use cases.

User Object Identifier created first

This use case covers the case where the user object maintained on the site is likely to live for an extended duration, say more than a decade or two. Examples are school or medical records, where the lifetime of the data is at least as long as that of the user who owns the identity described in the User Object.

  1. Site describes to the user what they are and what they do with any User Information that they collect.
  2. Notification channels and options are established with the user. This could be implicitly covered by the selection of the user subject identifier.
  3. User is asked to select a user name, which could be an existing email or phone number, if the user understands the limitations of that choice.

User Identity

The totality of the user identity lives in the real world. This section applies to the attributes from the user identity that are requested for inclusion in the User Object.

User Authentication

  • User Authentication is designed to show that the user is in control of a method, or factor, that can be used repeatedly to re-establish connection of the user to the user object controller.
  • Some "identification" methods, like FIDO (Fast Identity Online, https://fidoalliance.org/) and Decentralized Identifiers, are actually authentication enablers that do not, by themselves, identify a real-world user.
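As an added illustration (example code written for this page, not code from the wiki or from any FIDO implementation), the following Go program shows the authentication point above together with the unknown-device notice from the Obligations section: the controller stores only a credential ID and a public key under the user's subject identifier, verifying a signature over a fresh challenge proves control of the factor and can be repeated indefinitely, a replayed signature fails because each challenge is single use, and a credential the controller has never seen is refused and queues a notice to the user. Nothing the controller stores or checks says who the human is. The controller type, the subject name alice@example.test and the credential IDs are constructed for the example; Ed25519 from Go's standard library stands in for the authenticator's key pair.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Credential is all the controller persists for a FIDO-style factor: an opaque
// credential ID and a public key. Neither says anything about the real-world user.
type Credential struct {
	ID        string
	PublicKey ed25519.PublicKey
}

// UserRecord is the part of the User Object needed here, keyed by the subject
// identifier (user name) chosen at registration. Notices holds the user
// notices the controller still owes this user.
type UserRecord struct {
	Credentials map[string]Credential
	Notices     []string
}

// Controller is a hypothetical in-memory user object controller.
type Controller struct {
	users      map[string]*UserRecord
	challenges map[string][]byte // at most one outstanding challenge per subject
}

func NewController() *Controller {
	return &Controller{users: map[string]*UserRecord{}, challenges: map[string][]byte{}}
}

// Register binds a credential to a subject; only the public key is stored.
func (c *Controller) Register(subject string, cred Credential) {
	if c.users[subject] == nil {
		c.users[subject] = &UserRecord{Credentials: map[string]Credential{}}
	}
	c.users[subject].Credentials[cred.ID] = cred
}

// Challenge issues a fresh random nonce that the next sign-in must sign.
func (c *Controller) Challenge(subject string) []byte {
	ch := make([]byte, 32)
	if _, err := rand.Read(ch); err != nil {
		panic(err) // no usable entropy: nothing sensible to do but stop
	}
	c.challenges[subject] = ch
	return ch
}

// Authenticate checks that the holder of the credential's private key signed the
// outstanding challenge. Success proves control of the factor, repeatably, and
// nothing more. The challenge is consumed on every attempt, so a replayed
// signature fails; an unknown credential ID is refused and queues a user notice.
func (c *Controller) Authenticate(subject, credID string, sig []byte) error {
	u, ch := c.users[subject], c.challenges[subject]
	delete(c.challenges, subject)
	if u == nil || ch == nil {
		return errors.New("unknown subject or no outstanding challenge")
	}
	cred, known := u.Credentials[credID]
	if !known {
		u.Notices = append(u.Notices, "sign-in attempt from previously unknown credential "+credID)
		return errors.New("unknown credential")
	}
	if !ed25519.Verify(cred.PublicKey, ch, sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// Outcome records what Scenario observed.
type Outcome struct {
	FirstOK, SecondOK, ReplayOK, UnknownOK bool
	Notices                                int
}

// Scenario plays both sides: a device registers one factor and signs in twice,
// an old signature is replayed, then a never-registered device tries to sign in.
func Scenario() (Outcome, error) {
	const subject = "alice@example.test" // constructed sample user name
	devPub, devPriv, err := ed25519.GenerateKey(rand.Reader) // the user's device
	if err != nil {
		return Outcome{}, err
	}
	_, strPriv, err := ed25519.GenerateKey(rand.Reader) // a device never registered
	if err != nil {
		return Outcome{}, err
	}
	ctrl := NewController()
	ctrl.Register(subject, Credential{ID: "cred-device-1", PublicKey: devPub}) // constructed ID

	var o Outcome
	sig1 := ed25519.Sign(devPriv, ctrl.Challenge(subject))
	o.FirstOK = ctrl.Authenticate(subject, "cred-device-1", sig1) == nil
	sig2 := ed25519.Sign(devPriv, ctrl.Challenge(subject))
	o.SecondOK = ctrl.Authenticate(subject, "cred-device-1", sig2) == nil
	ctrl.Challenge(subject) // fresh challenge, but the old signature is presented
	o.ReplayOK = ctrl.Authenticate(subject, "cred-device-1", sig1) == nil
	sig4 := ed25519.Sign(strPriv, ctrl.Challenge(subject))
	o.UnknownOK = ctrl.Authenticate(subject, "cred-stranger", sig4) == nil
	o.Notices = len(ctrl.users[subject].Notices)
	return o, nil
}

func main() {
	o, err := Scenario()
	fmt.Printf("%+v err=%v\n", o, err)
}
```

The design choice worth noting is that the controller deletes the challenge before it looks at the credential, so every attempt, successful or not, burns the nonce; a real deployment would also bind the challenge to the origin and a short expiry, and would let the user choose (per the Notifications section) which channel carries the unknown-device notice.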

User Notifications

These span a wide gamut of possibilities, a few of which are:

  1. Publication to the government.
  2. Publication in a newspaper of common availability.
  3. Email sent to a user.
  4. Pop-up in a user's smart phone.
  5. SMS message to a user. (This is easy to hijack, see https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/, and should not be used for security purposes.)
  6. Pop-up in the controller's web site.

The choice of notification channel is up to the Data Controller so long as it is consonant with appropriate legal jurisdictions. Particularly helpful controllers will give the user a choice about notifications.

Other Materiel

  • See the wiki page on Notice-centric ID.
  • The wiki on Data Controller gives a broader view of the field.

Categories: Glossary, Privacy