Consent Receipt --> Re: Security of Personal Wellness Data - CEA

Thanks for sharing David. 

In regards to consent and notice, I have been working diligently the last two years to develop a common consent and notice format for creating consent records, or what we call a "Consent Receipt". We have v0.7 of a specification posted at the Kantara Initiative github repository, as well as a demo api for PING to review. 
https://github.com/KI-CISWG/MVCR/blob/master/KI-CISWG-Editorial-MVCR-V0_7-20150907.doc (v0.7 spec)

Demo - http://mvcr.herokuapp.com/

We are promoting this as a way to develop consistent notice for sharing sensitive personal data. 

Kind Regards,

Mark Lizar
Executive Director
Open Consent Group


> On 30 Oct 2015, at 00:09, David Singer <singer@apple.com> wrote:
> 
> FYI
> 
> 
> Think this was just published.  
> http://www.ce.org/healthprivacy
> 
> Guiding Principles on the Privacy and Security of Personal Wellness Data
> 
> 
> Privacy is an evolving concept. Photography, railroads, the telephone—every technology forces us to reevaluate our notions of privacy. Consumers are making decisions to balance among technological benefits and privacy outcomes. CEA’s privacy guidelines (CEA-Guiding-Principles-on-the-Privacy-and-Security-of-Personal-Wellness-Data-102215.pdf) can help companies to earn consumer trust by encouraging consistent personal wellness data management. 
> 
> 
> The Principles begin with Security, which underlies all privacy protections. Good security is the foundation of good data management. Without it, data is vulnerable to unauthorized disclosure.
> The Policy and Practice and Concise Notice principles complement one another. Policy and Practice asks companies to explain their data management practices. Concise notice puts those policies in an understandable format, stripping out the legalese and replacing it with straightforward statements relevant to consumers.
> Unaffiliated Third Party Transfers is a complicated name with a simple premise: when a company transfers personal wellness data to an unaffiliated company, it should get permission from consumers to make that transfer. 
> Fairness is a forward-thinking principle. As we learn from big data, it will be possible to make better decisions about all kinds of things, from how we manage our health to how multinational businesses allocate resources. However, any decision making process, whether human or automated, is vulnerable to unfairness. This principle reminds companies to be on guard against the possibility that decisions based on data analytics could create prejudicial outcomes for consumers. CEA is unaware of any instances of this happening, but the consequences are serious enough that we believe everyone should be vigilant.
> The ability to review personal data, correct it or request its deletion is a necessary control that prevents inaccuracies or dissemination of data beyond consumers’ control.
> Advertising Communications acknowledges that consumers sometimes prefer to control how companies communicate with them. This principle states that companies should give consumers the ability to opt out of advertising that uses personal wellness data.
> Finally, Law Enforcement Response speaks to company and consumer concerns about surveillance. By disclosing how they respond to law enforcement requests, companies can give consumers certainty about their data.
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 

Received on Friday, 30 October 2015 12:26:31 UTC